topic Order of NAT in Network Security

Order of NAT

sushil — Mon, 11 Mar 2019 20:24:30 GMT

Hi,

Wanted to know order of NAT from version 8.3 onwards.

Deocumentation says Section 1 Twice Nat

Section 2 Network Object Nat

Section 3 Twice Nat

By default twice nat falls in Section1 (Correct me if I am wrong). How come it also falls in Sections3 as well.Is it something like bypassing nat (more like Nat 0 of older versions) while configuring VPN?

Reg,

Sushil

Re: Order of NAT

Shrikant Sundaresh — Thu, 21 Apr 2011 12:12:36 GMT

Hi Sushil,

The order of NAT in 8.3 and above is:

1. Manual Nat

2. Auto NAT

3. After-Auto

After auto, are Manual Nat's with the "after-auto" keyword in them. These are processed after Manual nat rules without that keyword, and auto nat.

syntax: nat (intf1,intf2) after-auto ....

An ideal scenario, where you would use this would be:

All statics configured using Auto NAT.

For some reason, interface pat for internet is to be done using manual nat.

If you use the class 1 manual nat, then it will break all the auto nat static forwards. Hence, you add after-auto, so that it is processed only after the statics are checked.

Hope this helps.

-Shrikant

P.S.: Please mark the question as answered if it has been resolved. Do rate helpful posts. Thanks.

Re: Order of NAT

sushil — Thu, 21 Apr 2011 12:38:15 GMT

Ultimate discription Shrikant.Thanks a ton.

Reg,

Sushil