https://community.cisco.com/t5/network-security/nat-in-asa/m-p/3011482#M147006 <P>Hello Marius,</P> <P>Thanks for the reply.</P> <P></P> <P>I have configured both Manual and Auto statement.</P> <P></P> <P>ciscoasa# sh nat<BR />Manual NAT Policies (Section 1)<BR />1 (inside) to (outside) source dynamic local global<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR /><BR />Auto NAT Policies (Section 2)<BR />1 (inside) to (outside) source dynamic local interface<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR /><BR />ciscoasa#</P> <P></P> <P>I configured below statement to put Auto rule before manual rule but NAT rule order didn't changed.</P> <P>nat (inside,outside) after-auto source dynamic local global</P> <P>When I deleted the&nbsp; manual nat rule and once again configured below statement then Auto rule was before manual rule</P> <P>nat (inside,outside) after-auto source dynamic local global</P> <P>ciscoasa(config)# sh nat<BR /><BR />Auto NAT Policies (Section 2)<BR />1 (inside) to (outside) source dynamic local interface<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR /><BR />Manual NAT Policies (Section 3)<BR />1 (inside) to (outside) source dynamic local global<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR />ciscoasa(config)#</P> <P></P> <P>I need to know whether we cannot change the NAT order with in existing configuration ??</P> <P>it's seem like that to place Auto nat before Manula that we need to delete the Manual nat and reconfigure it ?? Am i right</P> <P>I am just to know this from learning prospective.</P> <P></P> Thu, 02 Feb 2017 11:34:10 GMT negithecool 2017-02-02T11:34:10Z https://community.cisco.com/t5/network-security/nat-in-asa/m-p/3011480#M147004 <P>Hello,</P> <P></P> <P>I am running ASA 8.4 and will be grateful is someone can resolve my concern.</P> <P></P> <P>I performed below steps</P> <P>1.Manual NAT</P> <P>nat (inside,outside) source dynamic local global</P> <P>object network local<BR />&nbsp;subnet 8.8.8.0 255.255.255.0<BR />object network global<BR />&nbsp;range 192.168.20.2 192.168.20.4</P> <P>2. Auto NAT</P> <P>object network local</P> <P>subnet 8.8.8.0 255.255.255.0<BR />nat (inside,outside) dynamic global</P> <P>ciscoasa(config)# sh nat<BR />Manual NAT Policies (Section 1)<BR />1 (inside) to (outside) source dynamic local global<BR />&nbsp;&nbsp;&nbsp; translate_hits = 4, untranslate_hits = 0<BR /><BR />Auto NAT Policies (Section 2)<BR />1 (inside) to (outside) source dynamic local global<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0</P> <P>At this stage is it possible to change NAT order through CLI and put auto nat before manual nat ?? without deleting any nat rule.</P> <P>I tried to run below command to change the NAT order but i am getting the same output as before and Manual NAT is above Auto NAT.</P> <P>nat (inside,outside) after-auto source dynamic local global</P> <P></P> <P></P> <P></P> <P></P> Tue, 12 Mar 2019 08:52:11 GMT https://community.cisco.com/t5/network-security/nat-in-asa/m-p/3011480#M147004 negithecool 2019-03-12T08:52:11Z https://community.cisco.com/t5/network-security/nat-in-asa/m-p/3011481#M147005 <P><EM><STRONG>At this stage is it possible to change NAT order through CLI and put auto nat before manual nat ?? without deleting any nat rule.</STRONG></EM></P> <P><SPAN>no this is not possible. &nbsp;Auto NAT rules cannot be placed in the Manual NAT section. &nbsp;You will need to recreate the rule in manual NAT. &nbsp;Placing a NAT rule in after-auto manual NAT will cause those manual NAT rules to be matched after the Auto-NAT rules have been matched. &nbsp;So, if you have any rule in Auto NAT that will match the traffic then you will never match your rule in Auto NAT.</SPAN></P> <P>What are you trying to achieve?</P> <P>--</P> <P>Please remember to select a correct answer and rate helpful posts</P> Thu, 02 Feb 2017 09:29:11 GMT https://community.cisco.com/t5/network-security/nat-in-asa/m-p/3011481#M147005 Marius Gunnerud 2017-02-02T09:29:11Z https://community.cisco.com/t5/network-security/nat-in-asa/m-p/3011482#M147006 <P>Hello Marius,</P> <P>Thanks for the reply.</P> <P></P> <P>I have configured both Manual and Auto statement.</P> <P></P> <P>ciscoasa# sh nat<BR />Manual NAT Policies (Section 1)<BR />1 (inside) to (outside) source dynamic local global<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR /><BR />Auto NAT Policies (Section 2)<BR />1 (inside) to (outside) source dynamic local interface<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR /><BR />ciscoasa#</P> <P></P> <P>I configured below statement to put Auto rule before manual rule but NAT rule order didn't changed.</P> <P>nat (inside,outside) after-auto source dynamic local global</P> <P>When I deleted the&nbsp; manual nat rule and once again configured below statement then Auto rule was before manual rule</P> <P>nat (inside,outside) after-auto source dynamic local global</P> <P>ciscoasa(config)# sh nat<BR /><BR />Auto NAT Policies (Section 2)<BR />1 (inside) to (outside) source dynamic local interface<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR /><BR />Manual NAT Policies (Section 3)<BR />1 (inside) to (outside) source dynamic local global<BR />&nbsp;&nbsp;&nbsp; translate_hits = 0, untranslate_hits = 0<BR />ciscoasa(config)#</P> <P></P> <P>I need to know whether we cannot change the NAT order with in existing configuration ??</P> <P>it's seem like that to place Auto nat before Manula that we need to delete the Manual nat and reconfigure it ?? Am i right</P> <P>I am just to know this from learning prospective.</P> <P></P> Thu, 02 Feb 2017 11:34:10 GMT https://community.cisco.com/t5/network-security/nat-in-asa/m-p/3011482#M147006 negithecool 2017-02-02T11:34:10Z