Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1015
Views
0
Helpful
3
Replies

ASA NAT question

meidanmeshulam
Level 1
Level 1

‎03-31-2021 10:30 AM

Hi everyone,

Here's my question, given the next NAT rule:
nat (any,DMZ) source static any any destination static nat_12.164.193.111 vip_172.24.56.77 unidirectional description abcd ,
Does the Cisco ASA uses the outgoing interface as a matching criteria for that NAT rule ?
If so, how can the ASA know, what is the exit interface ??? Nat is prior to Egress interface as far as I know.

Thanks a lot !


0 Helpful
3 Replies 3

Francesco Molino
VIP Alumni
VIP Alumni

‎03-31-2021 09:01 PM

Hi

In terms of order of operations, traffic from inside to outside (from your other zones to this dmz zone), routing comes right before nat and this how it knows where the next hop is.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

meidanmeshulam
Level 1
Level 1
In response to Francesco Molino

‎04-01-2021 06:52 AM

Thanks for your replay,

So in my case the traffic is actually coming from the outside (Internet int) to the DMZ and not vice versa.
regardless, are you sure that routing comes before NAT ? can you back it up ?

 

Thank you !

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to meidanmeshulam

‎04-02-2021 07:16 PM

I’m re-reading my post and I replied wrong for ASA. My reply stands for routers for inside to outside. 

On ASA, however, nat comes before l3 route module; it uses the interface you configure. 

 

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card