https://community.cisco.com/t5/network-security/nat-interpretation/m-p/2335348#M344430 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>As you say the NAT configurations are as follows</P><P></P><P>1.) The <STRONG>"global"</STRONG> and <STRONG>"nat"</STRONG> configurations define a Dynamic PAT configuration. The firewall will accept any source address behind <STRONG>"inside"</STRONG> interface and will NAT them to PAT IP address 36.161.215.110 when they are connecting to a network behind <STRONG>"outside"</STRONG></P><P></P><P>2.) The <STRONG>"static"</STRONG> configuration defines a Static NAT for a single host. This Static NAT overrides the earlier Dynamic PAT. It means that the local host defined in the Static NAT configuration will always use this NAT IP address towards the networks behind <STRONG>"outside"</STRONG> interface UNLESS a NAT0 configuration or Static Policy NAT overrides it.</P><P></P><P>3.) The <STRONG>"nat"</STRONG> configurations using the <STRONG>ID 0</STRONG> are NAT0 / NAT Exempt configurations. The <STRONG>"access-list"</STRONG> used in the configuration define the situation where NO NAT is performed for the traffic. The <STRONG>"access-list"</STRONG> defines the source network/host and destination network/host for the situation when there is NO NAT performed</P><P></P><P>So in the above cases the <STRONG>"access-list"</STRONG> configurations will tell you when traffic from behind those interface will NOT be NATed.</P><P></P><P>Hope this clarifies things <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>Please do remember to mark a reply as the correct answer if it answered your question.</P><P></P><P>Feel free to ask more if needed.</P><P></P><P>- Jouni</P></BODY></HTML> Mon, 19 Aug 2013 21:10:17 GMT Jouni Forss 2013-08-19T21:10:17Z https://community.cisco.com/t5/network-security/nat-interpretation/m-p/2335347#M344428 <P>Hi gurus of Cisco.</P><P>Could you explain me please, what meaning this line:</P><P></P><P>!First Nat</P><P>global (outside) 101 36.161.215.110 netmask 255.255.255.255</P><P><SPAN style="font-size: 10pt;">nat (inside) 101 0.0.0.0 0.0.0.0</SPAN></P><P></P><P>!Seconf Nat</P><P>nat (WAN-Inside) 0 access-list WAN-Inside_nat0_outbound</P><P><SPAN style="font-size: 10pt;">nat (inside) 0 access-list inside_nat0_outbound</SPAN></P><P></P><P>!Static NAT </P><P>static (inside,outside) 36.161.215.115 10.29.12.250 netmask 255.255.255.255</P><P></P><P></P><P>The First NAT meaning, everything from the inside network NAT to this IP address 36.161.215.110</P><P>The Static NAT, Nat this private address <SPAN style="font-size: 10pt;">10.29.12.250, to this public address </SPAN><SPAN style="font-size: 10pt;">36.161.215.115</SPAN></P><P></P><P></P><P>Could any specialist help me to interpretate the second nat?</P><P></P><P>Any othe comment is welcome.</P><P></P><P>Regards</P><P>Andres</P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P> Tue, 12 Mar 2019 02:27:25 GMT https://community.cisco.com/t5/network-security/nat-interpretation/m-p/2335347#M344428 a.guillen 2019-03-12T02:27:25Z https://community.cisco.com/t5/network-security/nat-interpretation/m-p/2335348#M344430 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>As you say the NAT configurations are as follows</P><P></P><P>1.) The <STRONG>"global"</STRONG> and <STRONG>"nat"</STRONG> configurations define a Dynamic PAT configuration. The firewall will accept any source address behind <STRONG>"inside"</STRONG> interface and will NAT them to PAT IP address 36.161.215.110 when they are connecting to a network behind <STRONG>"outside"</STRONG></P><P></P><P>2.) The <STRONG>"static"</STRONG> configuration defines a Static NAT for a single host. This Static NAT overrides the earlier Dynamic PAT. It means that the local host defined in the Static NAT configuration will always use this NAT IP address towards the networks behind <STRONG>"outside"</STRONG> interface UNLESS a NAT0 configuration or Static Policy NAT overrides it.</P><P></P><P>3.) The <STRONG>"nat"</STRONG> configurations using the <STRONG>ID 0</STRONG> are NAT0 / NAT Exempt configurations. The <STRONG>"access-list"</STRONG> used in the configuration define the situation where NO NAT is performed for the traffic. The <STRONG>"access-list"</STRONG> defines the source network/host and destination network/host for the situation when there is NO NAT performed</P><P></P><P>So in the above cases the <STRONG>"access-list"</STRONG> configurations will tell you when traffic from behind those interface will NOT be NATed.</P><P></P><P>Hope this clarifies things <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>Please do remember to mark a reply as the correct answer if it answered your question.</P><P></P><P>Feel free to ask more if needed.</P><P></P><P>- Jouni</P></BODY></HTML> Mon, 19 Aug 2013 21:10:17 GMT https://community.cisco.com/t5/network-security/nat-interpretation/m-p/2335348#M344430 Jouni Forss 2013-08-19T21:10:17Z