Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14443
Views
0
Helpful
4
Replies

nat (inside) 1 0.0.0.0 0.0.0.0, global (outside) 1 interface on 8.4(1)?

Go to solution
yuhuiyao
Level 1
Level 1

‎03-01-2011 12:09 PM - edited ‎03-11-2019 12:59 PM

All,

On the old ASA version I have:

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

Which of the following two should I use on 8.4(1)? Are they the same?

nat (inside,outside) source dynamic any interface

object network obj-any

nat (inside,outside) dynamic interface

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mirober2
Cisco Employee
Cisco Employee
In response to yuhuiyao

‎03-01-2011 12:32 PM

Hello,

Sorry about that, you're right. I read the post incorrectly. The two commands are functionally equivalent, so you can choose either option (keeping in mind the order of processing that I mentioned above).

Hope that helps.

-Mike

View solution in original post

0 Helpful
4 Replies 4

Go to solution
mirober2
Cisco Employee
Cisco Employee

‎03-01-2011 12:22 PM

Hello,

For the first command, did you mean to write 'nat (inside,outside) source dynamic interface'? If not, the commands do slightly different things depending on what you put under the object called "any". Otherwise, both commands are functionally the same.

Which one you should use is mostly a matter of preference, but the 1st command (which is "manual NAT" command) will always be processed before any of the object NAT commands (which your 2nd command is an example of). If you have no other NAT configured, it really doesn't matter which you choose. If you do have other NAT configured that would overlap with this functionality, you'll want to choose carefully keeping in mind that manual NAT (option 1) is always processed first.

In most cases, I recommend using the 2nd option since the ASA will take care of the NAT order for you if you decide to add more NAT statements in the future.

This video will also help with understanding the NAT changes moving forward:

https://supportforums.cisco.com/docs/DOC-12324

Hope that helps.

-Mike

0 Helpful

Go to solution
yuhuiyao
Level 1
Level 1
In response to mirober2

‎03-01-2011 12:29 PM

It seemed that "any" is needed for the first option.

test(config)# nat (inside,outside) source dynamic ?

configure mode commands/options:
  WORD  Specify object or object-group name for real source
  any   Abbreviation for source address and mask of 0.0.0.0
test(config)# nat (inside,outside) source dynamic

0 Helpful

Go to solution
mirober2
Cisco Employee
Cisco Employee
In response to yuhuiyao

‎03-01-2011 12:32 PM

Hello,

Sorry about that, you're right. I read the post incorrectly. The two commands are functionally equivalent, so you can choose either option (keeping in mind the order of processing that I mentioned above).

Hope that helps.

-Mike

0 Helpful

Go to solution
tahequivoice
Level 2
Level 2

‎03-04-2011 09:35 AM

When I first started configuring 8.3 I was confused by that too, and found that using the ASDM is now faster and easier than doing it from the CLI. A bit leap forward from 8.2.  The biggest change for me is remembering to use the REAL ip for the ACL and not the NAT IP.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card