topic static nat versus dynamic nat in Network Security https://community.cisco.com/t5/network-security/static-nat-versus-dynamic-nat/m-p/1734403#M496343 <P>we are running 8.4(2) on the asa with the below configuration</P><P>we basically have a static for .7 on .25 and a nat for .7 for port direction</P><P>with manual nat that takes precedense over auto nat within the object group am I correct that I dont<BR />need the dynamic statement and that its redundant?</P><P><BR />object network obj-10.X.0.25-02<BR />host 10.X.0.25</P><P><BR />object network obj-10.X.0.25<BR />nat (any,INSIDE) static X.X.X.7 dns</P><P></P><P>object network obj-10.X.0.25-01<BR />nat (INSIDE,OUTSIDE) static X.X.X.7 service tcp smtp smtp</P><P></P><P>object network obj-10.X.0.25-02<BR />nat (INSIDE,OUTSIDE) dynamic X.X.X.7</P> Mon, 11 Mar 2019 21:34:50 GMT JMCNEL 2019-03-11T21:34:50Z static nat versus dynamic nat https://community.cisco.com/t5/network-security/static-nat-versus-dynamic-nat/m-p/1734403#M496343 <P>we are running 8.4(2) on the asa with the below configuration</P><P>we basically have a static for .7 on .25 and a nat for .7 for port direction</P><P>with manual nat that takes precedense over auto nat within the object group am I correct that I dont<BR />need the dynamic statement and that its redundant?</P><P><BR />object network obj-10.X.0.25-02<BR />host 10.X.0.25</P><P><BR />object network obj-10.X.0.25<BR />nat (any,INSIDE) static X.X.X.7 dns</P><P></P><P>object network obj-10.X.0.25-01<BR />nat (INSIDE,OUTSIDE) static X.X.X.7 service tcp smtp smtp</P><P></P><P>object network obj-10.X.0.25-02<BR />nat (INSIDE,OUTSIDE) dynamic X.X.X.7</P> Mon, 11 Mar 2019 21:34:50 GMT https://community.cisco.com/t5/network-security/static-nat-versus-dynamic-nat/m-p/1734403#M496343 JMCNEL 2019-03-11T21:34:50Z static nat versus dynamic nat https://community.cisco.com/t5/network-security/static-nat-versus-dynamic-nat/m-p/1734404#M496344 <HTML><HEAD></HEAD><BODY><P>Yes thats right manual nat always takes precedence over auto nat. But I am not sure, the ones that you have pasted arer all auto nats.None of them is manual nat.</P><P></P><P>If you want all of them to work then keep the nats in this order:</P><P></P><P></P><P>object network obj-10.X.0.25-01<BR />nat (INSIDE,OUTSIDE) static X.X.X.7 service tcp smtp smtp</P><P></P><P>object network obj-10.X.0.25-02<BR />nat (INSIDE,OUTSIDE) dynamic X.X.X.7</P><P></P><P></P><P>object network obj-10.X.0.25</P><P>nat (any,INSIDE) static X.X.X.7 dns</P><P></P><P>The idea is to keep the most specific ones on the top and general one on the bottom.</P><P></P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Thu, 06 Oct 2011 15:40:29 GMT https://community.cisco.com/t5/network-security/static-nat-versus-dynamic-nat/m-p/1734404#M496344 varrao 2011-10-06T15:40:29Z