04-30-2014 04:55 AM - edited 03-11-2019 09:08 PM
Hi All,
If I have the following 2 NAT statements on my ASA -
object network TestVid
nat (inside,outside) static 2xx.1xx.2.xx
!
nat (any,outside) after-auto source dynamic DynamicNatInside interface
The TestVid static NAT is for incoming calls to a video conf unit. Does this static NAT also work the reverse way? E.G if this machine wanted to go out to the internet, would this NAT be used outbound and the same IP used or is it just for Inbound?
Or would the unit use my other NAT statement if the address fell into the DynamicNatInside object?
Thanks
Solved! Go to Solution.
04-30-2014 05:00 AM
A static NAT configuration ca be used in- and outbound. Your TestVid will use the public IP 2xx.1xx.2.xx also for outbound traffic.
04-30-2014 05:00 AM
A static NAT configuration ca be used in- and outbound. Your TestVid will use the public IP 2xx.1xx.2.xx also for outbound traffic.
04-30-2014 05:07 AM
Hi Karsten,
Thanks for that. Are my two NAT statements processed in a certain order on the ASA? e.g Static NATs first, then my more generic NAT statement?
04-30-2014 05:22 AM
Yes, there is a specific order which is very well explained in the config-guide:
04-30-2014 05:27 AM
Your nat entry with "after-auto" keyword will be processed last in the example you posted.
Please see Jouni's excellent explanation in this document for many more details on the order of NAT processing.
(in addition to the configuration guide section Karsten linked to.)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: