10-18-2012 11:11 AM - edited 03-11-2019 05:11 PM
I think the packet flow has changed in 8.3 IOS and above.
We are using private NAT for outside traffic.
Can anybody explain to me why we are using a private IP for outside traffic?
10-18-2012 11:30 AM
Hello Saurabh,
Before, the NAT rule was checked after the ACL verification.
Now it is backwards. The ASA receives the traffic on the outside, performs the un-NAT and then checks the ACL.
That is why you need to use the private range on the outside ACL.
Do you understand?
Regards
10-18-2012 11:30 AM
Duplicated! Please mark it as answered so we can focus on the other one
10-18-2012 11:48 AM
Do you have any document or Cisco link where I can check this?
10-18-2012 11:57 AM
You have 2 identical questions; please mark one of the 2 as answered so we can focus on just one....
Sure,
https://supportforums.cisco.com/docs/DOC-12690
http://www.fir3net.com/Cisco-ASA/how-to-configure-nat-of-asa-83.html
https://supportforums.cisco.com/docs/DOC-9129
10-18-2012 12:03 PM
Sorry for the two posts. That document is related to NAT configuration...
I am talking about the packet flow explanation...
Sorry jcarvaja, I am disturbing you a lot...
10-18-2012 12:08 PM
Hello Saurabh,
Not a problem, just close or mark one of them as answered.
The packet flow is going to be the same as this:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080ba9d00.shtml
The only thing that changed is that now you perform NAT and then ACL checks, that is why I posted those NAT and ACL documents.
10-18-2012 12:16 PM
As per you, in 8.4 the packet flow is as below:
packet: ingress interface ---> existing connection (yes or no) ---> No ---> NAT ---> ACL ---> and further....
If this is the flow then I got your point....
Thanks for your posting and explanation.
10-18-2012 12:19 PM
Correct,
That is why you point to the private IP on the ACL, because NAT has already taken place.
Remember to rate all of the helpful posts
10-18-2012 12:21 PM
Thanks for your post.
Has Cisco explained the 8.3 or above packet flow anywhere?
10-18-2012 12:34 PM
Hello,
Maybe this document will help:
https://learningnetwork.cisco.com/thread/46543
09-04-2014 09:03 AM
Hi Julio and other friends,
I was going through the Doc and the Fir3net link has changed.
Please find the new link below.
https://www.fir3net.com/Firewalls/Cisco/cisco-asa-83-nat.html
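The point made in this thread (on 8.3 and later the un-NAT happens before the ACL check, so the outside ACL names the real address), shown as an added configuration example that is not from any of the posters. The addresses (real host 10.1.1.10, mapped address 203.0.113.10) and the names OUTSIDE_IN and WEB_SRV are constructed for illustration.

```cisco
! ---- Pre-8.3: ACL is checked BEFORE un-NAT -------------------------
! The outside ACL sees the packet's original destination,
! so it must permit the mapped (public) address.
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 80
access-group OUTSIDE_IN in interface outside

! ---- 8.3 and later: un-NAT first, THEN the ACL check ----------------
! By the time the ACL is evaluated the destination has already been
! translated back to the real (private) address, so the ACL must
! permit the real address. An entry for 203.0.113.10 would not match
! and the packet would fall through to the implicit deny.
object network WEB_SRV
 host 10.1.1.10
 nat (inside,outside) static 203.0.113.10
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.10 eq 80
access-group OUTSIDE_IN in interface outside
```

Because the 8.3+ ACL entry matches on the real address, it permits traffic to that host regardless of which mapped address it was reached through, so keep the entry scoped to the specific host and port rather than the whole private range.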