Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
537
Views
5
Helpful
1
Replies

NAT options and when to use them

dbakopanos
Level 1
Level 1

‎10-19-2016 07:32 AM

Good day,

I was hoping that something would provide some insight into Cisco NAT to help clear the air. Now there are a bunch of new NAT options that we have available since 8.3 and above. now can anyone explain how and when we use the following NAT statements; is there a difference in referencing the object once or twice in the source and destination fields.

1 - nat (inside,hr) source dynamic obj-src interface destination static obj-dst obj-dst

2 - nat (inside,hr) source static obj-src interface destination static obj-dst obj-dst

3 - nat (inside,hr) source static obj-src obj-src destination static obj-dst obj-dst

4 - nat (inside,hr) source static obj-src obj-src destination static obj-dst obj-dst

5 - nat (inside,hr) source static obj-src destination static obj-dst

why use after-auto ?

6 - nat (Inside,outside) after-auto source dynamic OBJECT-GROUP-NAME interface

Labels:
1 Reply 1

miras
Level 5
Level 5

‎10-19-2016 07:49 AM

NATs are grouped on three different sections, Section1, Section2, and Section3. The NAT rules get checked in that order, from 1 to 3.

Section1 -> Policy/Twice NAT

Section2 -> Auto NAT

Section3 -> Policy/Twice NAT and this is the same as Section1, but is after auto NAT.

Now if you want a Policy/Twice NAT to be checked after the 'auto NAT', then you have to specify after-auto so that NAT rule is checked after 'Auto NAT'

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card