<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: ASA NAT in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/asa-nat/m-p/3758600#M8550</link>
    <description>&lt;P&gt;the asa has 3 main categories of nat - manual nat, object nat (auto nat), and manual nat after auto&lt;/P&gt;&lt;P&gt;these are actually applied in sequential order like an acl&lt;/P&gt;&lt;P&gt;sh nat - will show the order of the rules&lt;/P&gt;&lt;P&gt;sh run nat - to see the actual nat config&lt;/P&gt;&lt;P&gt;this is using static nat - this entry is also known as nat exemption &amp;amp; is often used for vpn traffic&lt;/P&gt;&lt;P&gt;for traffic using any ingress interface &amp;amp; egressing the outside interface - this nat rule will apply&lt;/P&gt;&lt;P&gt;obj-grp 1 has a static mapping to itself only when the dest is obj-grp 2&lt;/P&gt;&lt;P&gt;cisco rec to use no-proxy-arp &amp;amp; route-lookup - so asa int wont send arp for next hop &amp;amp; will use route table for traffic&lt;/P&gt;&lt;P&gt;regards, mk&lt;/P&gt;</description>
    <pubDate>Wed, 05 Dec 2018 22:36:31 GMT</pubDate>
    <dc:creator>mkazam001</dc:creator>
    <dc:date>2018-12-05T22:36:31Z</dc:date>
    <item>
      <title>ASA NAT</title>
      <link>https://community.cisco.com/t5/network-security/asa-nat/m-p/3758386#M8547</link>
      <description>&lt;P&gt;&lt;STRONG&gt;Please explain this configuration.&amp;nbsp; What kind of NAT is it using and how can I learn how to configure it?&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;nat(any,outside) source static OBJECT-GROUP-1 OBJECT-GROUP-1 destination static OBJECT-GROUP-2 OBJECT-GROUP-2 no-proxy-arp route-lookup&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;nat(any,outside) after-auto source dynamic any interface&lt;/STRONG&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 21 Feb 2020 16:32:32 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/asa-nat/m-p/3758386#M8547</guid>
      <dc:creator>Waterbird</dc:creator>
      <dc:date>2020-02-21T16:32:32Z</dc:date>
    </item>
    <item>
      <title>Re: ASA NAT</title>
      <link>https://community.cisco.com/t5/network-security/asa-nat/m-p/3758531#M8548</link>
      <description>&lt;P&gt;There is a good document to understand please refer below document :&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;A href="https://www.netcraftsmen.com/nat-configuration-on-asa-8-4-part-2/" target="_blank"&gt;https://www.netcraftsmen.com/nat-configuration-on-asa-8-4-part-2/&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&lt;A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/nat_overview.html#wp1118157" target="_blank"&gt;https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/nat_overview.html#wp1118157&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 05 Dec 2018 20:43:09 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/asa-nat/m-p/3758531#M8548</guid>
      <dc:creator>balaji.bandi</dc:creator>
      <dc:date>2018-12-05T20:43:09Z</dc:date>
    </item>
    <item>
      <title>Re: ASA NAT</title>
      <link>https://community.cisco.com/t5/network-security/asa-nat/m-p/3758532#M8549</link>
      <description>&lt;P&gt;When going out of the outside interface from&amp;nbsp;OBJECT-GROUP-1 to&amp;nbsp;OBJECT-GROUP-2, you don't do any NAT. For the rest of the traffic going out of interface outside you PAT (or hide-nat/masquerade) the source to the IP of the outside interface.&lt;/P&gt;
&lt;P&gt;For learning more, Jounis intro is still a good read:&lt;/P&gt;
&lt;P&gt;&lt;A href="https://community.cisco.com/t5/security-documents/asa-nat-8-3-nat-operation-and-configuration-format-cli/ta-p/3143050" target="_blank"&gt;https://community.cisco.com/t5/security-documents/asa-nat-8-3-nat-operation-and-configuration-format-cli/ta-p/3143050&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 05 Dec 2018 20:43:01 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/asa-nat/m-p/3758532#M8549</guid>
      <dc:creator>Karsten Iwen</dc:creator>
      <dc:date>2018-12-05T20:43:01Z</dc:date>
    </item>
    <item>
      <title>Re: ASA NAT</title>
      <link>https://community.cisco.com/t5/network-security/asa-nat/m-p/3758600#M8550</link>
      <description>&lt;P&gt;the asa has 3 main categories of nat - manual nat, object nat (auto nat), and manual nat after auto&lt;/P&gt;&lt;P&gt;these are actually applied in sequential order like an acl&lt;/P&gt;&lt;P&gt;sh nat - will show the order of the rules&lt;/P&gt;&lt;P&gt;sh run nat - to see the actual nat config&lt;/P&gt;&lt;P&gt;this is using static nat - this entry is also known as nat exemption &amp;amp; is often used for vpn traffic&lt;/P&gt;&lt;P&gt;for traffic using any ingress interface &amp;amp; egressing the outside interface - this nat rule will apply&lt;/P&gt;&lt;P&gt;obj-grp 1 has a static mapping to itself only when the dest is obj-grp 2&lt;/P&gt;&lt;P&gt;cisco rec to use no-proxy-arp &amp;amp; route-lookup - so asa int wont send arp for next hop &amp;amp; will use route table for traffic&lt;/P&gt;&lt;P&gt;regards, mk&lt;/P&gt;</description>
      <pubDate>Wed, 05 Dec 2018 22:36:31 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/asa-nat/m-p/3758600#M8550</guid>
      <dc:creator>mkazam001</dc:creator>
      <dc:date>2018-12-05T22:36:31Z</dc:date>
    </item>
    <item>
      <title>Re: ASA NAT</title>
      <link>https://community.cisco.com/t5/network-security/asa-nat/m-p/3759009#M8551</link>
      <description>&lt;P&gt;This document you provided a link for was very helpful in providing an overview of the new NAT.&amp;nbsp; Exactly what I was searching for.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;This configuration I provided is for a VPN tunnel, so it seems the first statement is identity NAT, which is a variation of Twice NAT / Manual NAT, in Section 1.&amp;nbsp; It's purpose appears to be to not do NAT for the traffic from the first object group to the second object group or backwards, i.e. "no NAT for either source or destination networks".&amp;nbsp;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The second NAT statement appears to be dynamic PAT, implemented using Twice NAT / Manual NAT, in Section 3, and must serve to NAT traffic that is not contained in the object groups.&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 06 Dec 2018 15:11:38 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/asa-nat/m-p/3759009#M8551</guid>
      <dc:creator>Waterbird</dc:creator>
      <dc:date>2018-12-06T15:11:38Z</dc:date>
    </item>
  </channel>
</rss>

