https://community.cisco.com/t5/network-security/combining-dynamic-and-static-nat/m-p/1684155#M534960 <P>Hi,</P><P></P><P>Can someone please tell me what this statement does in combining dynamic and static nat in this manner? </P><P></P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>nat (outside,outside) source dynamic DM_INLINE_NETWORK interface destination static obj-a.b.c.d obj-a.b.c.d</P><P></P></PRE><P></P><P>Thanks.</P> Mon, 11 Mar 2019 21:03:58 GMT lcaruso 2019-03-11T21:03:58Z https://community.cisco.com/t5/network-security/combining-dynamic-and-static-nat/m-p/1684155#M534960 <P>Hi,</P><P></P><P>Can someone please tell me what this statement does in combining dynamic and static nat in this manner? </P><P></P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>nat (outside,outside) source dynamic DM_INLINE_NETWORK interface destination static obj-a.b.c.d obj-a.b.c.d</P><P></P></PRE><P></P><P>Thanks.</P> Mon, 11 Mar 2019 21:03:58 GMT https://community.cisco.com/t5/network-security/combining-dynamic-and-static-nat/m-p/1684155#M534960 lcaruso 2019-03-11T21:03:58Z https://community.cisco.com/t5/network-security/combining-dynamic-and-static-nat/m-p/1684156#M534961 <HTML><HEAD></HEAD><BODY><P>Hi Icaruso,</P><P></P><P>Let me give it a try <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN>, the statement:</P><P></P><P>nat (outside,outside) source dynamic DM_INLINE_NETWORK interface destination static obj-a.b.c.d obj-a.b.c.d</P><P></P><P>The purpose of this nat is u-turning the traffic on outside interface, if traffic from source </P><P>DM_INLINE_NETWORK going to the destination obj-a.b.c.d, should be dynamically patted to your outside interface.</P><P></P><P>In this Nat statement, the source is dynamically patted to outside interface and the destination is statically mapped to itself. If any traffic from DM_INLINE_NETWORK hits your outside interface, it would be u-turned and then patted to your outside interface, so the destination woudl see the packets coming from your outside IP.</P><P></P><P>Let me know if this helps, if you ahve any other queries, do post.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Wed, 27 Jul 2011 03:12:25 GMT https://community.cisco.com/t5/network-security/combining-dynamic-and-static-nat/m-p/1684156#M534961 varrao 2011-07-27T03:12:25Z https://community.cisco.com/t5/network-security/combining-dynamic-and-static-nat/m-p/1684157#M534962 <HTML><HEAD></HEAD><BODY><P>Hi Varun,</P><P></P><P>Thanks for your reply. </P><P></P><P>I guess I didn't understand the need for source dynamic. </P><P></P><P>Is that because DM_INLINE_NETWORK is actually an object with a list of several networks, so dynamic makes it possible to put all of them into one nat statement?</P></BODY></HTML> Wed, 27 Jul 2011 15:18:24 GMT https://community.cisco.com/t5/network-security/combining-dynamic-and-static-nat/m-p/1684157#M534962 lcaruso 2011-07-27T15:18:24Z https://community.cisco.com/t5/network-security/combining-dynamic-and-static-nat/m-p/1684158#M534963 <HTML><HEAD></HEAD><BODY><P>Hi Icaruso,</P><P></P><P>Yes the DM_INLINE_NETWORK is an object which might include a whole network and why we are using source dynamic is because, for all the host in the object, the destination would see the request coming from the inside interface of your firewall, so that is the reason for it. </P><P></P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Wed, 27 Jul 2011 15:30:49 GMT https://community.cisco.com/t5/network-security/combining-dynamic-and-static-nat/m-p/1684158#M534963 varrao 2011-07-27T15:30:49Z