https://community.cisco.com/t5/network-security/regarding-xlate-info-in-asa/m-p/5346068#M1123458 <P>The NAT configuration on <EM>ham-vpn-fw-of2</EM> appears to have been done using a range of network objects.</P> <P>The first set of external IPs are non-contiguous and map to a higher number of internal IPs than external IPs. If you do not configure this, it would be worth understanding the reasoning behind this design as it is not immediately obvious from the snippet.</P> <P>The second NAT translation on <EM>ham-vpn-fw-of2</EM> is a one-to-many static NAT configuration.</P> <P>If there are no particular design requirements forcing either of these NAT configurations, it would be <STRONG>highly recommended</STRONG> to transition to dynamic NAT overload (aka PAT) as it is much easier to maintain for generic use cases.</P> Tue, 11 Nov 2025 11:33:45 GMT Ben Weber 2025-11-11T11:33:45Z https://community.cisco.com/t5/network-security/regarding-xlate-info-in-asa/m-p/5345940#M1123452 <P>generally , in one static 1 to 1 NAT the output of show xlate shows as below right .</P><P>ham-vpn-fw/ham-vpn-fw# sh xlate | in 172.20.164.139&nbsp;</P><P>NAT from outside:10.90.0.18 to cbtsmgmt:172.20.164.139&nbsp;</P><P>ham-vpn-fw/ham-vpn-fw#</P><P>but in one &nbsp;of my case showing as belwo:</P><P>ham-vpn-fw/ham-vpn-fw-of2# sh xlate | in 172.22.201.6<BR /><STRONG>&nbsp;&nbsp;&nbsp; 10.27.18.56, 10.57.14.129, 10.27.14.18 to cbtsmgmt:172.22.201.1, 172.22.201.2, 172.22.201.3, 172.22.201.4, 172.22.201.5, 172.22.201.6</STRONG><BR />&nbsp;&nbsp;&nbsp; 10.27.17.4 to cbtsmgmt:172.22.201.65, 172.22.201.66,<BR />&nbsp;&nbsp;&nbsp; 172.22.201.67, 172.22.201.68<BR />ham-vpn-fw/ham-vpn-fw-of2#</P><P>What is difference between of them ?</P> Mon, 10 Nov 2025 19:45:02 GMT https://community.cisco.com/t5/network-security/regarding-xlate-info-in-asa/m-p/5345940#M1123452 venkatappan 2025-11-10T19:45:02Z https://community.cisco.com/t5/network-security/regarding-xlate-info-in-asa/m-p/5346068#M1123458 <P>The NAT configuration on <EM>ham-vpn-fw-of2</EM> appears to have been done using a range of network objects.</P> <P>The first set of external IPs are non-contiguous and map to a higher number of internal IPs than external IPs. If you do not configure this, it would be worth understanding the reasoning behind this design as it is not immediately obvious from the snippet.</P> <P>The second NAT translation on <EM>ham-vpn-fw-of2</EM> is a one-to-many static NAT configuration.</P> <P>If there are no particular design requirements forcing either of these NAT configurations, it would be <STRONG>highly recommended</STRONG> to transition to dynamic NAT overload (aka PAT) as it is much easier to maintain for generic use cases.</P> Tue, 11 Nov 2025 11:33:45 GMT https://community.cisco.com/t5/network-security/regarding-xlate-info-in-asa/m-p/5346068#M1123458 Ben Weber 2025-11-11T11:33:45Z