https://community.cisco.com/t5/network-security/lower-security-to-higher-security-interface-pat/m-p/1815582#M491650 <P>Hi,</P><P></P><P>Can we have PAT with nat and global statements for source natting a traffic from Lower security interface to Higher security? If nat &amp; global can't achieve this, what are the Possibilities.</P><P></P><P>merci,</P><P>arun</P> Mon, 11 Mar 2019 21:59:41 GMT arun.mohan 2019-03-11T21:59:41Z https://community.cisco.com/t5/network-security/lower-security-to-higher-security-interface-pat/m-p/1815582#M491650 <P>Hi,</P><P></P><P>Can we have PAT with nat and global statements for source natting a traffic from Lower security interface to Higher security? If nat &amp; global can't achieve this, what are the Possibilities.</P><P></P><P>merci,</P><P>arun</P> Mon, 11 Mar 2019 21:59:41 GMT https://community.cisco.com/t5/network-security/lower-security-to-higher-security-interface-pat/m-p/1815582#M491650 arun.mohan 2019-03-11T21:59:41Z https://community.cisco.com/t5/network-security/lower-security-to-higher-security-interface-pat/m-p/1815583#M491656 <HTML><HEAD></HEAD><BODY><P>Well you can do outside nat for it, you would need to use the following commands:</P><P></P><P>nat (outside) 1 0.0.0.0 0.0.0.0 outside</P><P>global (inside) 1 interface</P><P></P><P>Hope that helps.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Tue, 06 Dec 2011 09:53:32 GMT https://community.cisco.com/t5/network-security/lower-security-to-higher-security-interface-pat/m-p/1815583#M491656 varrao 2011-12-06T09:53:32Z https://community.cisco.com/t5/network-security/lower-security-to-higher-security-interface-pat/m-p/1815584#M491657 <HTML><HEAD></HEAD><BODY><P> Have you tried this to be working, coz in my case the i need to have the PAT for a particular port access needs to be PAT.</P><P></P><P>merci,</P><P>arun</P></BODY></HTML> Tue, 06 Dec 2011 10:47:18 GMT https://community.cisco.com/t5/network-security/lower-security-to-higher-security-interface-pat/m-p/1815584#M491657 arun.mohan 2011-12-06T10:47:18Z https://community.cisco.com/t5/network-security/lower-security-to-higher-security-interface-pat/m-p/1815585#M491660 <HTML><HEAD></HEAD><BODY><P>Yes, it works fine and is a supported config, but can you elaborate on your requirement a little bit more?</P><P></P><P>Varun</P></BODY></HTML> Tue, 06 Dec 2011 11:04:27 GMT https://community.cisco.com/t5/network-security/lower-security-to-higher-security-interface-pat/m-p/1815585#M491660 varrao 2011-12-06T11:04:27Z https://community.cisco.com/t5/network-security/lower-security-to-higher-security-interface-pat/m-p/1815586#M491661 <HTML><HEAD></HEAD><BODY><P> oh ok great. Here is my case i need to NAT both the source and destination from one interface to the other.</P><P></P><P>For flow from MPLS --&gt; Inside</P><P></P><P>Source on MPLS n/w: 192.168.1.100(source will be all RFC 1918 subnets)</P><P>Destination on MPLS nw: 10.1.1.100</P><P></P><P>Source on Inside n/w: 172.16.1.100(All 1918 subnet sources on MPLS will need to be translated to this IP)</P><P>Destination on Inside n/w: 172.31.2.100</P><P></P><P>The Destination NAT is achieve through Static command from the higher to Lower interface.</P><P></P><P>Is this info helpfull?</P><P></P><P>merci,</P><P>arun</P></BODY></HTML> Tue, 06 Dec 2011 11:21:56 GMT https://community.cisco.com/t5/network-security/lower-security-to-higher-security-interface-pat/m-p/1815586#M491661 arun.mohan 2011-12-06T11:21:56Z https://community.cisco.com/t5/network-security/lower-security-to-higher-security-interface-pat/m-p/1815587#M491662 <HTML><HEAD></HEAD><BODY><P>When you specify a group of IP address(es) in a nat command, then you must perform NAT on that group of addresses when they access any lower or same security level interface; you must apply a global command with the same NAT ID on each interface, or use a static command. NAT is not required for that group when it accesses a higher security interface because to perform NAT from outside to inside you must create a separate nat command using the outside keyword. If you do apply outside NAT, then the NAT requirements preceding come into effect for that group of addresses when they access all higher security interfaces. Traffic identified by a static command is not affected. </P><P></P><P></P><P>nat (outside) 1 network netmaks outside</P><P>global (inside) 1 ip_address&nbsp;&nbsp; &lt;--- used for PAT</P></BODY></HTML> Tue, 06 Dec 2011 12:02:41 GMT https://community.cisco.com/t5/network-security/lower-security-to-higher-security-interface-pat/m-p/1815587#M491662 svaish 2011-12-06T12:02:41Z