Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1706
Views
0
Helpful
5
Replies

8.3 order of nat

Go to solution
sonybabu2k1
Level 1
Level 1

‎09-25-2010 04:26 AM - edited ‎03-11-2019 11:45 AM

Hi,

I have a doubt regarding order of nat in 8.3. In cisco documentation at one place it says that order is


–Network object NAT—Automatically ordered in the NAT table.

–Twice NAT—Manually ordered in the NAT table (before or after network object NAT rules).

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1118634

But in another place in table the order is like:

Section 1 - Twice NAT

Section 2 - Network object NAT

Section 3 - Twice NAT configured in section 3

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1118157

Could anyone please clarify on this ?

Thank you

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎09-25-2010 04:29 AM

Hi Sony,

Yes, the documentation is correct.

The NAT order of operation is:

Section 1 - Twice NAT

Section 2 - Network object NAT

Section 3 - Twice NAT configured in section 3

However, within Section 2 itself - Network object NAT - the operation is automatically ordered in the NAT table.

Hope that makes sense.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎09-25-2010 04:29 AM

Hi Sony,

Yes, the documentation is correct.

The NAT order of operation is:

Section 1 - Twice NAT

Section 2 - Network object NAT

Section 3 - Twice NAT configured in section 3

However, within Section 2 itself - Network object NAT - the operation is automatically ordered in the NAT table.

Hope that makes sense.

0 Helpful

Go to solution
sonybabu2k1
Level 1
Level 1
In response to Jennifer Halim

‎09-25-2010 04:40 AM

Hi halijenn,

Thanks for the reply, so the first one (shown below) is incorrect. right ?

–Network object NAT—Automatically ordered in the NAT table.
–Twice NAT—Manually ordered in the NAT table (before or after network object NAT rules).
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1118634

Thanks

Sony

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to sonybabu2k1

‎09-25-2010 04:47 AM

Yes, you are absolutely right. The Twice NAT section 1 should come first before Network object NAT, as per the following:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1118157

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to Jennifer Halim

‎09-25-2010 04:48 AM

I think what the document means to say is (for that particular section of Order of NAT rules) is to use "Network object NAT" first whenever possible, and only use "Twice NAT" if you can't configure it via "Network object NAT".

0 Helpful

Go to solution
sonybabu2k1
Level 1
Level 1
In response to Jennifer Halim

‎09-25-2010 05:10 AM

Thanks halijenn, i think the documentation is a bit confusing. I would appreciate if you could inform documentation people about this.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card