https://community.cisco.com/t5/network-security/simple-nat-question/m-p/2135250#M393948 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>You would use this type of NAT (Identity NAT) when you want to traffic from your inside interface to flow through to your outside interface without changing the address. An example scenario would be a private MPLS cloud with separate clients. Each client has a unique address space so NATing is not necessary. Using Identity NAT is the solution because it provides us with the privacy of only allowing inside hosts to initiate communication with outside hosts.</P><P></P><P>This is when your outside its a private range as well, if it is public you use regular PAT with the outside interface or any public IP:</P><P></P><P>object network ALL_ZEROS</P><P>subnet 0.0.0.0 0.0.0.0</P><P>nat (inside,outside) dynamic interface</P><P></P><P>On very specific/rare circumstances you want to use this NAT. </P><P></P><P>Regards,</P><P>Juan Lombana</P><P></P><P>Please rate helpful posts.</P></BODY></HTML> Wed, 19 Dec 2012 13:57:43 GMT julomban 2012-12-19T13:57:43Z https://community.cisco.com/t5/network-security/simple-nat-question/m-p/2135249#M393945 <P>Will someone please explain what this NAT rules does?&nbsp; I'm confused by what happens to the packet when you use "dynamic" and a host that is 0.0.0.0</P><P></P><P>object network obj-0.0.0.0 </P><P> host 0.0.0.0</P><P>!</P><P>object network ALL_ZEROS</P><P> subnet 0.0.0.0 0.0.0.0</P><P> nat (inside,outside) dynamic obj-0.0.0.0</P><P></P><P>Thanks in advance!</P> Tue, 12 Mar 2019 00:39:03 GMT https://community.cisco.com/t5/network-security/simple-nat-question/m-p/2135249#M393945 anowell 2019-03-12T00:39:03Z https://community.cisco.com/t5/network-security/simple-nat-question/m-p/2135250#M393948 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>You would use this type of NAT (Identity NAT) when you want to traffic from your inside interface to flow through to your outside interface without changing the address. An example scenario would be a private MPLS cloud with separate clients. Each client has a unique address space so NATing is not necessary. Using Identity NAT is the solution because it provides us with the privacy of only allowing inside hosts to initiate communication with outside hosts.</P><P></P><P>This is when your outside its a private range as well, if it is public you use regular PAT with the outside interface or any public IP:</P><P></P><P>object network ALL_ZEROS</P><P>subnet 0.0.0.0 0.0.0.0</P><P>nat (inside,outside) dynamic interface</P><P></P><P>On very specific/rare circumstances you want to use this NAT. </P><P></P><P>Regards,</P><P>Juan Lombana</P><P></P><P>Please rate helpful posts.</P></BODY></HTML> Wed, 19 Dec 2012 13:57:43 GMT https://community.cisco.com/t5/network-security/simple-nat-question/m-p/2135250#M393948 julomban 2012-12-19T13:57:43Z