- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-29-2013 05:37 PM - edited 03-11-2019 07:18 PM
Hi Everyone,
Does config below
ASA1(config)# nat (inside,outside) source dynamic any interface
Will do the PAT when source is any IP from inside interface of ASA and going to any destination IP address?
Regards
MAhesh
Solved! Go to Solution.
- Labels:
-
NGFW Firewalls
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-29-2013 05:44 PM
Hi Mahesh,
Yes, that NAT configuration would essentially do Dynamic PAT for any host behind the "inside" interface towards any destination address routed behind "outside" interface using the PAT IP address of "outside" interface.
I would however suggest configuring the same NAT configuration by adding the "after-auto" parameter
nat (inside,outside) after-auto source dynamic any interface
What the "after-auto" parameter does is that it moves the NAT rule to the very end of the NAT rules. It will be one of the last NAT rules matched against a new connection coming from behind "inside".
If we configured the Dynamic PAT the way you mentioned, there might be a possibility that it would override other NAT rules either now or in the future because it is at such a high priority.
- Jouni
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-29-2013 05:44 PM
Hi Mahesh,
Yes, that NAT configuration would essentially do Dynamic PAT for any host behind the "inside" interface towards any destination address routed behind "outside" interface using the PAT IP address of "outside" interface.
I would however suggest configuring the same NAT configuration by adding the "after-auto" parameter
nat (inside,outside) after-auto source dynamic any interface
What the "after-auto" parameter does is that it moves the NAT rule to the very end of the NAT rules. It will be one of the last NAT rules matched against a new connection coming from behind "inside".
If we configured the Dynamic PAT the way you mentioned, there might be a possibility that it would override other NAT rules either now or in the future because it is at such a high priority.
- Jouni
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-29-2013 05:46 PM
Best Regards
Mahesh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-13-2016 01:13 AM
Hi Everyone,
I have the same problem of configuring PAT on the new Cisco firewall so addition to ASA1(config)# nat (inside,outside) source dynamic any interface command is any ACL statement is required to allow inside network?
Best Regards!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2019 08:37 PM
