Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1105
Views
0
Helpful
1
Replies

Cisco ASA NAT Clarification

ravindra962
Level 1
Level 1

‎01-28-2020 05:41 AM

Hello Guys

 

I am getting a little confused with NAT's. Please help me understand it Correctly

 

In the ASA Code before 9, when we have a Static NAT for an Internal IP, your ACL should have the NAT IP as destination to allow traffic from a Client to that IP address. The traffic is allowed through the ACL and then NAT is applied.

 

In the ASA code after 9. when we have a Static NAT for an Internal IP, your ACL should have the Internal IP as destination to allow traffic from a Client to that IP address. The NAT is applied first and the traffic is allowed through the ACL.

 

Please correct me if I am wrong.

Thanks

Ravi

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎01-28-2020 05:51 AM

Hi,
Yes, in ASA 9.x you would specify the real/private IP address and port, not the NATTED IP address/port.

HTH
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card