ASA 5505, 8.2, questions on NAT

sarahr202 · ‎07-12-2015

Hi Everybody,

I am trying to learn ASA ( totally new to this beast:)

ASA 5505,8.2 is assumed in below discussion

( 10.10.10.1)HOST--INSIDE--ASA-OUTSIDE

DYNAMIC NAT:

nat ( inside) 1 10.10.10.1 255.255.255.0
global (outside) 1 199.199.199.1 - 199.199.199.254

nat ( inside) 2 10.10.10.1 255.255.255.0
global (outside) 2 188.188.188.1 - 188.188.188.254

Let say ASA receives a packet from host ( 10.10.10.1) destined to 8.8.8.8 on its " INSIDE" int.

1)Will ASA use perform NAT using 199.199199.1---199.199.199.254 pool or 188.188.188.1 - 188.188.188.254?

STATIC NAT:

we have erased all configs, assume all the defaults.

static (inside,outside) 199.199.199.1 11.11.11.1

Let say ASA receives a packet on its INSIDE int with src ip 10.10.10.1 destined to 8.8.8.8

How will ASA react? Will it perform NAT or not ?

If yes, then why ( because the real Ip address is 11.11.11.1 in the NAT config)

Much appreciated!!

Thanks

Adeolu Owokade · ‎07-13-2015

For your dynamic NAT, I guess you meant to match "10.10.10.0" in the NAT statements? Either ways, those two NAT statements will not be accepted because they are duplicates. If you are looking to know the order of NAT rules used to match real addresses in general, refer here.

For your second question, no, NAT will not be performed because the packet will not match any NAT rules. Therefore, the ASA will try to route it normally (which of course will fail in a real world scenario).