https://community.cisco.com/t5/network-security/static-nat-dynamic-nat-and-pat/m-p/2146480#M358133 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Unless I have missed some Cisco documentation, which certainly is possible, I think Cisco has only given the basic information how their firewalls order the NAT rules.</P><P></P><P>I would first suggest reading the appropriate Configuration Guide for your firewall software level and checking the section that has to do with the ordering of the NAT</P><P></P><P>Here is the section in 8.2 software Configuration Guide</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_overview.html#wp1079279">http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_overview.html#wp1079279</A></P><P></P><P>Here is the section in 8.4 software Configuration Guide (which has totally rewritten NAT format introduced in 8.3(1))</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_overview.html#wp1118157">http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_overview.html#wp1118157</A></P><P></P><P>If you want to further check out the new NAT format I would suggest my own document here on the forums <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P><A class="jive-link-wiki-small" href="https://community.cisco.com/docs/DOC-31116">https://supportforums.cisco.com/docs/DOC-31116</A></P><P></P><P></P><P>Generally the Cisco firewall NAT rule has been decided using both the ordering of the configuration and the type of the NAT. Also when dealing with NAT configurations that all apply to the same source addresses and same NAT type the specific rule has usually been the one chosen. Though I have to say I have gotten a bit distanced from the 8.2 and pre configuration format and operation.</P><P></P><P>- Jouni</P></BODY></HTML> Tue, 16 Apr 2013 15:18:59 GMT Jouni Forss 2013-04-16T15:18:59Z https://community.cisco.com/t5/network-security/static-nat-dynamic-nat-and-pat/m-p/2146479#M358132 <P>Hi All,</P><P></P><P>I have a question about order of NAtting among Static NAT, Dynamic NAT and PATting. If any IP is natted in ASA configuration with Static, dynamic NAT and PAT, then as we know packet would follow the order as below- </P><P>Static NAT--&gt;Dynamic NAT --&gt;PAT </P><P>Can anyone help me understand me why? Is it using some principle like "Principle of MAX match in routing"?</P><P></P><P></P><P>Regards, <BR />Saurabh&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P> Tue, 12 Mar 2019 01:29:07 GMT https://community.cisco.com/t5/network-security/static-nat-dynamic-nat-and-pat/m-p/2146479#M358132 Saurabh Srivastava 2019-03-12T01:29:07Z https://community.cisco.com/t5/network-security/static-nat-dynamic-nat-and-pat/m-p/2146480#M358133 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Unless I have missed some Cisco documentation, which certainly is possible, I think Cisco has only given the basic information how their firewalls order the NAT rules.</P><P></P><P>I would first suggest reading the appropriate Configuration Guide for your firewall software level and checking the section that has to do with the ordering of the NAT</P><P></P><P>Here is the section in 8.2 software Configuration Guide</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_overview.html#wp1079279">http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_overview.html#wp1079279</A></P><P></P><P>Here is the section in 8.4 software Configuration Guide (which has totally rewritten NAT format introduced in 8.3(1))</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_overview.html#wp1118157">http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_overview.html#wp1118157</A></P><P></P><P>If you want to further check out the new NAT format I would suggest my own document here on the forums <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P><A class="jive-link-wiki-small" href="https://community.cisco.com/docs/DOC-31116">https://supportforums.cisco.com/docs/DOC-31116</A></P><P></P><P></P><P>Generally the Cisco firewall NAT rule has been decided using both the ordering of the configuration and the type of the NAT. Also when dealing with NAT configurations that all apply to the same source addresses and same NAT type the specific rule has usually been the one chosen. Though I have to say I have gotten a bit distanced from the 8.2 and pre configuration format and operation.</P><P></P><P>- Jouni</P></BODY></HTML> Tue, 16 Apr 2013 15:18:59 GMT https://community.cisco.com/t5/network-security/static-nat-dynamic-nat-and-pat/m-p/2146480#M358133 Jouni Forss 2013-04-16T15:18:59Z