https://community.cisco.com/t5/network-security/nat-after-auto/m-p/2188582#M356900 <HTML><HEAD></HEAD><BODY><P>That was very helpful!</P><P></P><P>Thank you! </P><P></P><P>Best, ~sK </P></BODY></HTML> Fri, 08 Feb 2013 20:07:22 GMT sadik.bash 2013-02-08T20:07:22Z https://community.cisco.com/t5/network-security/nat-after-auto/m-p/2188580#M356898 <P>Hello, </P><P></P><P>Could someone explain to me what this command does&nbsp; "</P><P>nat (INSIDE,OUTSIDE) after-auto source dynamic any interface"? </P><P></P><P>Much appreciated. </P><P></P><P>Best, ~sK </P> Tue, 12 Mar 2019 00:58:15 GMT https://community.cisco.com/t5/network-security/nat-after-auto/m-p/2188580#M356898 sadik.bash 2019-03-12T00:58:15Z https://community.cisco.com/t5/network-security/nat-after-auto/m-p/2188581#M356899 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>This is a pretty typical Default PAT rule</P><P></P><P>And I say default in the sense that if a single host doesnt have any other translations towards the "OUTSIDE" interface, this will be the NAT rule that will apply to its connections.</P><P></P><P>To go through the whole NAT configuration</P><P></P><P><STRONG>nat (INSIDE,OUTSIDE) after-auto source dynamic any interface</STRONG></P><P></P><UL><LI><STRONG>INSIDE</STRONG> = Is the source interface for the NAT</LI><LI><STRONG>OUTSIDE</STRONG> = Is the destination interface for the NAT&nbsp;&nbsp; <UL><LI>So its meant to be a NAT for INSIDE users heading to network behind OUTSIDE</LI></UL></LI><LI><STRONG>after-auto</STRONG> = This configuration parameter simply moves this NAT configuration to the very end of the NAT configuration (called Section 3). It basicly says that its one of the last rules to be matched against and connections that is coming to the firewall.</LI><LI><STRONG>source dynamic any</STRONG> = A dynamic translations is done for the source hosts</LI><LI><STRONG>any</STRONG> = The source address behind interface INSIDE can be anything</LI><LI><STRONG>interface</STRONG> = The PAT IP address used is that which belongs to the destination interface which in this case is OUTSIDE</LI></UL><P></P><P><STRONG>EDIT:</STRONG> Heres a link to the NAT Rule Order on the ASA (8.4 software)</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_overview.html#wp1118157" rel="nofollow">http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_overview.html#wp1118157</A></P><P></P><P>Hope the information was helpfull <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></P><P></P><P>- Jouni</P></BODY></HTML> Fri, 08 Feb 2013 19:59:58 GMT https://community.cisco.com/t5/network-security/nat-after-auto/m-p/2188581#M356899 Jouni Forss 2013-02-08T19:59:58Z https://community.cisco.com/t5/network-security/nat-after-auto/m-p/2188582#M356900 <HTML><HEAD></HEAD><BODY><P>That was very helpful!</P><P></P><P>Thank you! </P><P></P><P>Best, ~sK </P></BODY></HTML> Fri, 08 Feb 2013 20:07:22 GMT https://community.cisco.com/t5/network-security/nat-after-auto/m-p/2188582#M356900 sadik.bash 2013-02-08T20:07:22Z