Hi, Is there any specific

sindbandgi · ‎09-25-2015

Hello,

I wanted to know meaning of below NAT command in Csico ASA Version 8.3(2)

nat (inside outside) source static any any

Is NAT happening here or No translations

Regards

Rajkumar

Pulkit Saxena · ‎09-25-2015

Hi,

Ideally, it should not be like this.

You cannot do a static NAT using any any.

We can use dynamic NAT if inside users want to go to the internet.

nat (inside,outside) dynamic any interface.

Regards,

Pulkit Saxena

sindbandgi · ‎09-25-2015

Hi,

I have seen this config in one of the my customer Firewall.

Not sure wether NAT is happening or not

nat (GI6/0.170,GI5/0.180) source static any any

nat (GI5/0.180,GI6/0.170) after-auto source static any any

When I see show nat , I see the counter is incresing on contineous basis.

2 (GI6/0.170) to (GI5/0.180) source static any any
translate_hits = 0, untranslate_hits = 434791714 --------> this counter is chnaging

Pulkit Saxena · ‎09-25-2015

Hi,

It does a self NAT (identity NAT).

So for example, 1.1.1.1 is getting translated to 1.1.1.1 only.

Regards,

Pulkit Saxena

Rishabh Seth · ‎09-28-2015

Hi,

Is there any specific reason for this NAT in your config?

This NAT rule is as good as doing no translation at all. It is going to match all the traffic which does not match any other NAT statement.

It will make ASA do more processing, if it is not required then you can remove it.

Thanks,

R.Seth

NAT on Cisco ASA Version 8.3(2)