NAT rules clarification

Albert Succar
Visitor

Hi all,

I understand the concept of NAT and why it is used. However, I am a bit confused given the following command:

object network obj-internal
nat (inside,outside) dynamic interface

Please correct me if I am wrong, but so far I understand that this command creates a network object named "obj-internal", and creates a rule for traffic from the inside interface to the outside interface. However, I am confused with the dynamic interface portion. Could somebody please elaborate more on the meaning/use of this part? All help is greatly appreciated.


To create an object you also need a definition of what this object is. So you also need something like a host- or a subnet-statement.

For this object you want to specify how the internal IP addresses (on the inside network) are translated when communicating with the outside network. The NAT command in your example uses a dynamic translation (in contrast to static NAT that is typically used for outside-to-inside traffic or when an inside host should always get the same IP on the outside) that always uses the outside IP address of the ASA. So regardless of which internal host communicates to outside, they all show up with that one IP on the destination system.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
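The complete object NAT configuration the answer above describes, as an added example that is not part of the original thread: the object is given a subnet definition, then translated with dynamic interface PAT, and a second object shows the static NAT case mentioned for outside-to-inside traffic. Interface names, the RFC 5737 addresses and the object names other than obj-internal are constructed for illustration.

```cisco
! Inside hosts share the outside interface address (dynamic PAT).
! The subnet line is the object definition the NAT rule needs.
object network obj-internal
 subnet 10.1.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Contrast: a DMZ server that must always appear as one fixed
! public IP and be reachable from outside uses static NAT.
object network obj-dmz-web
 host 192.168.10.5
 nat (dmz,outside) static 203.0.113.20
!
! Static NAT alone does not permit inbound traffic; an ACL on the
! outside interface is still required (ASA 8.3+ ACLs reference the
! real, untranslated address of the object).
access-list outside_in extended permit tcp any object obj-dmz-web eq 443
access-group outside_in in interface outside
!
! Verification: list the rules, the active translations, and trace
! one constructed inside-to-outside flow through the NAT logic.
show nat detail
show xlate
packet-tracer input inside tcp 10.1.1.25 40000 198.51.100.7 443
```

In the packet-tracer output the NAT phase should show the source rewritten to the outside interface address, which is the "dynamic interface" behaviour the question asks about.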
