https://community.cisco.com/t5/network-security/asa5525x-8-6-1-2-and-one-to-one-static-mapping-issue/m-p/2056117#M399632 <HTML><HEAD></HEAD><BODY><P>Hello Robert,</P><P></P><P>The best practice is to place the general rules at the bottom, the specific ones at the top.</P><P></P><P>Order of NAT rules 8.3:</P><P>Twice Nat</P><P>Auto Nat</P><P>After Auto Nat</P><P></P><P>Regards,</P><P></P><P>Remember to rate all the helpul posts</P></BODY></HTML> Fri, 07 Sep 2012 17:02:14 GMT Julio Carvajal 2012-09-07T17:02:14Z https://community.cisco.com/t5/network-security/asa5525x-8-6-1-2-and-one-to-one-static-mapping-issue/m-p/2056114#M399627 <P>Just started working with the post 8.3 CLI.</P><P></P><P>Traffic from outside to inside is translated correctly, but inside to outside is using the outside Interface IP instead of the mapped IP, 50.50.50.50.</P><P></P><P>I know I'm missing something small here.</P><P></P><P>This is the config that was build using ASDM.</P><P></P><P>Outside IP: 50.50.50.50</P><P>Inside IP: 10.10.10.10</P><P></P><P>object network TEST</P><P> host 50.50.50.50</P><P> description One-To-One NAT 50.50.50.50/10.10.10.10</P><P>!</P><P>object network TEST-priv</P><P> host 10.10.10.10</P><P> description One-To-One NAT 50.50.50.50/10.10.10.10</P><P>!</P><P>object network TEST-priv</P><P> nat (inside,outside) static TEST</P><P>!</P><P>nat (inside,outside) source dynamic IN2OUT interface description PAT Overload Using Interface Public IP</P><P></P><P>!</P><P>object network IN2OUT</P><P> subnet 0.0.0.0 0.0.0.0</P><P> description Inside To Outside NAT</P><P> !</P><P></P><P>Note: ASDM created object TEST-priv twice. One on top and one below the NAT configs.</P> Mon, 11 Mar 2019 23:51:27 GMT https://community.cisco.com/t5/network-security/asa5525x-8-6-1-2-and-one-to-one-static-mapping-issue/m-p/2056114#M399627 Robert Ho 2019-03-11T23:51:27Z https://community.cisco.com/t5/network-security/asa5525x-8-6-1-2-and-one-to-one-static-mapping-issue/m-p/2056115#M399629 <HTML><HEAD></HEAD><BODY><P>Hello Robert,</P><P></P><P>The problem here is the nat order.</P><P></P><P>Twice nat are review first so in order to make this work do the following on the CLI.</P><P></P><P>no nat (inside,outside) source dynamic IN2OUT interface description PAT Overload Using Interface Public IP</P><P>nat (inside,outside) after-auto source dynamic IN2OUT interface description PAT Overload Using Interface Public IP</P><P></P><P><STRONG>Remember to rate all of the answers, for the community that is more important that a thank</STRONG></P><P><STRONG>Regards,</STRONG></P><P></P><P></P><P>Julio</P></BODY></HTML> Fri, 07 Sep 2012 16:38:44 GMT https://community.cisco.com/t5/network-security/asa5525x-8-6-1-2-and-one-to-one-static-mapping-issue/m-p/2056115#M399629 Julio Carvajal 2012-09-07T16:38:44Z https://community.cisco.com/t5/network-security/asa5525x-8-6-1-2-and-one-to-one-static-mapping-issue/m-p/2056116#M399631 <HTML><HEAD></HEAD><BODY><P>looks like it is working, thanks!</P><P></P><P>so, best practice is to create the global nat entry at the very end?</P><P></P><P>do i still need to do this after creating additional mappings, or is this a one time deal?</P></BODY></HTML> Fri, 07 Sep 2012 16:49:11 GMT https://community.cisco.com/t5/network-security/asa5525x-8-6-1-2-and-one-to-one-static-mapping-issue/m-p/2056116#M399631 Robert Ho 2012-09-07T16:49:11Z https://community.cisco.com/t5/network-security/asa5525x-8-6-1-2-and-one-to-one-static-mapping-issue/m-p/2056117#M399632 <HTML><HEAD></HEAD><BODY><P>Hello Robert,</P><P></P><P>The best practice is to place the general rules at the bottom, the specific ones at the top.</P><P></P><P>Order of NAT rules 8.3:</P><P>Twice Nat</P><P>Auto Nat</P><P>After Auto Nat</P><P></P><P>Regards,</P><P></P><P>Remember to rate all the helpul posts</P></BODY></HTML> Fri, 07 Sep 2012 17:02:14 GMT https://community.cisco.com/t5/network-security/asa5525x-8-6-1-2-and-one-to-one-static-mapping-issue/m-p/2056117#M399632 Julio Carvajal 2012-09-07T17:02:14Z