07-28-2013 04:06 PM - edited 03-11-2019 07:18 PM
Hi Everyone,
Say we have webserver which has internal IP of 172.16.10.10
If we need outside users from internet who need to access the webserver on IP say 200.x.x.x
We can config the NAT as below also
nat (inside,outside) static 200.x.x.x
Regards
Mahesh
Solved! Go to Solution.
07-28-2013 04:14 PM
Hi Mahesh,
I would usually configure a normal Static NAT as Network Object NAT
You first configure a "object network
object network STATIC
host 172.16.10.10
nat (inside,outside) static 200.x.x.x
Depending on how the rest of the NAT configuration is built, some other NAT rule might override this but personally I have not had problem with configuring Static NAT this way.
You also have an option to configure the NAT in the following way
object network SERVER-REAL
host 172.16.10.10
object network SERVER-MAPPED
host 200.x.x.x
nat (inside,outside) source static SERVER-REAL SERVER-MAPPED
As you can see the difference from the first way I mentioned is the fact that we use Manual NAT / Twice NAT to configure this Static NAT. We create 2 "object network
The difference with the above 2 NAT configurations is that the Network Object NAT s on lower priorty in the ASA NAT rules compared to the above Manual NAT.
- Jouni
07-28-2013 04:29 PM
Hi,
I guess those are the terms/names the ASA itself uses when you use the "show nat" or "show nat detail" commands
So yes, the first one is a Auto NAT example and the second one is a Manual NAT example.
Both achieve the same but the Manual NAT is higher priority NAT rule than the Auto NAT rule.
I have personally gotten used to calling them Network Object NAT and Manual NAT/Twice NAT.
- Jouni
07-28-2013 04:14 PM
Hi Mahesh,
I would usually configure a normal Static NAT as Network Object NAT
You first configure a "object network
object network STATIC
host 172.16.10.10
nat (inside,outside) static 200.x.x.x
Depending on how the rest of the NAT configuration is built, some other NAT rule might override this but personally I have not had problem with configuring Static NAT this way.
You also have an option to configure the NAT in the following way
object network SERVER-REAL
host 172.16.10.10
object network SERVER-MAPPED
host 200.x.x.x
nat (inside,outside) source static SERVER-REAL SERVER-MAPPED
As you can see the difference from the first way I mentioned is the fact that we use Manual NAT / Twice NAT to configure this Static NAT. We create 2 "object network
The difference with the above 2 NAT configurations is that the Network Object NAT s on lower priorty in the ASA NAT rules compared to the above Manual NAT.
- Jouni
07-28-2013 04:24 PM
Hi jouni,
So first example was of Auto NAT and second was Manual NAT Right?
Regards
MAhesh
07-28-2013 04:29 PM
Hi,
I guess those are the terms/names the ASA itself uses when you use the "show nat" or "show nat detail" commands
So yes, the first one is a Auto NAT example and the second one is a Manual NAT example.
Both achieve the same but the Manual NAT is higher priority NAT rule than the Auto NAT rule.
I have personally gotten used to calling them Network Object NAT and Manual NAT/Twice NAT.
- Jouni
07-28-2013 04:39 PM
MAny thanks Jouni Again.
LEarning ASA world bit by bit woth your help and this forum.
Best regards
MAhesh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide