Packet flow in 8.4 ios

I think packet flow is changed in 8.3 IOS and above.

We are using private NAT for outside traffic.

Can anybody explain to me why we are using a private IP for outside traffic?

Packet flow in 8.4 ios

Hello Saurabh,

Before, the NAT rule was checked after the ACL verification.

Now it is backwards. The ASA receives the traffic on the outside, performs the un-NAT and then checks the ACL.

That is why you need to use the private range on the outside ACL.

Do you understand?

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Packet flow in 8.4 ios

Duplicated! Please mark it as answered so we can focus on the other one

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Packet flow in 8.4 ios

Do you have any document or Cisco link where I can check this?

Packet flow in 8.4 ios

You have 2 same questions, please mark as answered one of the 2 so we can focus just on one....


Sure,

https://supportforums.cisco.com/docs/DOC-12690

http://www.fir3net.com/Cisco-ASA/how-to-configure-nat-of-asa-83.html

https://supportforums.cisco.com/docs/DOC-9129

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC


Packet flow in 8.4 ios

Sorry for the two posts. That document is related to NAT configuration...

I am talking about the packet flow explanation...

Sorry jcarvaja, I am disturbing you a lot...

Packet flow in 8.4 ios

Hello Saurabh,

Not a problem, just close or mark as answered one of them..

Packet flow is going to be the same as this:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080ba9d00.shtml

The only thing that changed is that now you perform NAT and then ACL checks, that is why I posted those NAT and ACL documents.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Packet flow in 8.4 ios

As per you, in 8.4 the packet flow is as below:

packet: ingress interface ---> existing connection (yes or no) ---> No ---> NAT ---> ACL ---> and further....

If this is the flow then I got your point....

Thanks for your posting and explanation.

Packet flow in 8.4 ios

Correct,

That is why you point to the private IP on the ACL, because NAT has already taken place.

Remember to rate all of the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
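
The order change discussed in this thread, as an added example that is not part of any poster's reply and is not Cisco code: a small Python model of a new inbound connection on the outside interface (no existing connection entry), evaluated under both orders. The addresses, the static NAT mapping and the function names are constructed for illustration.

```python
from ipaddress import ip_address

# Constructed sample values (documentation ranges), not from the thread.
# Static NAT table: mapped (public) address -> real (private) address.
STATIC_NAT = {ip_address("203.0.113.10"): ip_address("10.1.1.10")}

def acl_permits(acl, dst, port):
    """First-match ACL lookup with an implicit deny at the end."""
    for action, acl_dst, acl_port in acl:
        if ip_address(acl_dst) == dst and acl_port == port:
            return action == "permit"
    return False

def outside_in(acl, dst, port, nat_before_acl):
    """Return (verdict, destination address the ACL was evaluated against).

    nat_before_acl=False models the pre-8.3 order (ACL check, then un-NAT).
    nat_before_acl=True models 8.3 and later (un-NAT, then ACL check).
    """
    dst = ip_address(dst)
    real = STATIC_NAT.get(dst, dst)
    seen_by_acl = real if nat_before_acl else dst
    verdict = "forward" if acl_permits(acl, seen_by_acl, port) else "drop"
    return verdict, str(seen_by_acl)

ACL_MAPPED = [("permit", "203.0.113.10", 80)]  # pre-8.3 style: public address
ACL_REAL = [("permit", "10.1.1.10", 80)]       # 8.3+ style: private address

if __name__ == "__main__":
    for name, acl in (("mapped-IP ACL", ACL_MAPPED), ("real-IP ACL", ACL_REAL)):
        for label, order in (("pre-8.3", False), ("8.3+", True)):
            print(name, label, outside_in(acl, "203.0.113.10", 80, order))
```

An outside ACL entry that still names the mapped address matches nothing once un-NAT runs first, so the traffic falls through to the implicit deny; that is the case to check for when reviewing rules carried over from a pre-8.3 configuration.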


Packet flow in 8.4 ios

Thanks for your post.

Has Cisco explained the 8.3 or above packet flow anywhere?

Packet flow in 8.4 ios

Hello,

Maybe this document will help:

https://learningnetwork.cisco.com/thread/46543

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC


Hi Julio and other friends,

I was going through the Doc and the Fir3net link has changed.

Please find the new link below.

https://www.fir3net.com/Firewalls/Cisco/cisco-asa-83-nat.html