Nat Rule

How does the NAT rule work with a Cisco ASA configuration?

4 Replies

Vibhor Amrodia
Cisco Employee

Hi,

I think we need to understand more about your query to give you the exact answer.

NAT has changed a bit between ASA codes pre 8.2 and post 8.3.

Pre 8.2:-

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_control.html

Post 8.4:-

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/nat_objects.html

This should work as a start for you.

Thanks and Regards,

Vibhor Amrodia

Hi Vibhor,

I know some basics about Cisco ASA NAT.

My query is all about the ASA NAT rule.

As per the NAT rule, the ASA first checks NAT exemption, dynamic, static.

In my ASA configuration, my statements are static, dynamic, NAT exemption.

How does the NAT rule work with the configuration parameters?

Hi,

As you pointed out, you are using the ASA 8.2 and earlier NAT syntax.

I think it would be better if you can post the specific query which you have about the NAT statements.

It would help us reply accordingly.

Thanks and Regards,

Vibhor Amrodia

Could you please explain these 4 steps to me:

Order of NAT Commands Used to Match Real Addresses

The ASA matches real addresses to NAT commands in the following order:

1. NAT exemption (nat 0 access-list)—In order, until the first match. Identity NAT is not included in this category; it is included in the regular static NAT or regular NAT category. We do not recommend overlapping addresses in NAT exemption statements because unexpected results can occur.

2. Static NAT and Static PAT (regular and policy) (static)—In order, until the first match. Static identity NAT is included in this category.

3. Policy dynamic NAT (nat access-list)—In order, until the first match. Overlapping addresses are allowed.

4. Regular dynamic NAT (nat)—Best match. Regular identity NAT is included in this category. The order of the NAT commands does not matter; the NAT statement that best matches the real address is used. For example, you can create a general statement to translate all addresses (0.0.0.0) on an interface. If you want to translate a subset of your network (10.1.1.1) to a different address, then you can create a statement to translate only 10.1.1.1. When 10.1.1.1 makes a connection, the specific statement for 10.1.1.1 is used because it matches the real address best. We do not recommend using overlapping statements; they use more memory and can slow the performance of the ASA.
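The four steps quoted above can be hard to reconcile with the order the statements appear in a running config, so here is a small model of that matching logic as an added example (it is not code from this thread or from Cisco). It represents each pre-8.3 NAT statement as a dictionary with a constructed `category` field, walks the categories in the order the documentation gives, applies first-match to exemption, static and policy dynamic rules, and picks the most specific real-address mask for regular dynamic NAT. The sample rule set `SAMPLE_RULES` is constructed to mirror the questioner's config order (static, dynamic, NAT exemption) and shows that the ASA's evaluation order does not depend on where the lines sit in the config.

```python
import ipaddress

# Toy model of the pre-8.3 ASA NAT matching order described in the quoted
# documentation. This is a constructed illustration, not ASA code: the ASA
# evaluates categories in this fixed order regardless of config line order.
CATEGORY_ORDER = ("exemption", "static", "policy_dynamic", "dynamic")


def _hits(rule, real_ip, dst_ip):
    """Return True if the rule's real-address criteria (and, for ACL-based
    rules, the destination criteria) match this packet."""
    if real_ip not in ipaddress.ip_network(rule["real"]):
        return False
    # nat 0 access-list / nat access-list rules also test the destination.
    if "dst" in rule and dst_ip not in ipaddress.ip_network(rule["dst"]):
        return False
    return True


def match_nat(rules, real, dst):
    """Return the rule the ASA would apply for a real source and destination,
    or None when nothing matches (the packet then goes untranslated when
    nat-control is disabled, or is dropped when it is enabled)."""
    real_ip, dst_ip = ipaddress.ip_address(real), ipaddress.ip_address(dst)
    for category in CATEGORY_ORDER:
        # Candidates of this category only, in config order.
        candidates = [r for r in rules
                      if r["category"] == category and _hits(r, real_ip, dst_ip)]
        if not candidates:
            continue
        if category == "dynamic":
            # Regular dynamic NAT: best (most specific) match; order irrelevant.
            return max(candidates,
                       key=lambda r: ipaddress.ip_network(r["real"]).prefixlen)
        # Exemption, static and policy dynamic NAT: first match wins.
        return candidates[0]
    return None


# Constructed sample configuration in the order the questioner describes:
# static first, then dynamic, then NAT exemption. The "cli" field is the
# equivalent pre-8.3 command, kept for reference only.
SAMPLE_RULES = [
    {"category": "static", "real": "10.1.1.5/32", "mapped": "203.0.113.5",
     "cli": "static (inside,outside) 203.0.113.5 10.1.1.5 netmask 255.255.255.255"},
    {"category": "dynamic", "real": "0.0.0.0/0", "mapped": "global 1",
     "cli": "nat (inside) 1 0.0.0.0 0.0.0.0"},
    {"category": "dynamic", "real": "10.1.1.0/24", "mapped": "global 2",
     "cli": "nat (inside) 2 10.1.1.0 255.255.255.0"},
    {"category": "exemption", "real": "10.1.1.0/24", "dst": "192.168.50.0/24",
     "mapped": None, "cli": "nat (inside) 0 access-list NO_NAT"},
]


def explain(rules, real, dst):
    """Human-readable one-liner for a lookup, used by the demo below."""
    rule = match_nat(rules, real, dst)
    if rule is None:
        return f"{real} -> {dst}: no NAT rule matches"
    return f"{real} -> {dst}: {rule['category']} via '{rule['cli']}'"


if __name__ == "__main__":
    # Same host (10.1.1.5) hits the exemption for the VPN subnet, the static
    # otherwise; other hosts fall through to the best dynamic match.
    for real, dst in [("10.1.1.5", "192.168.50.10"), ("10.1.1.5", "198.51.100.1"),
                      ("10.1.1.20", "198.51.100.1"), ("10.1.2.20", "198.51.100.1")]:
        print(explain(SAMPLE_RULES, real, dst))
```

Note how 10.1.1.5 is exempted when it talks to 192.168.50.0/24 even though the exemption line is last in the config and a static for that host appears first, and how 10.1.1.20 lands on `global 2` rather than the catch-all `global 1` because regular dynamic NAT is chosen by best match, not by position.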
