Placing NAT statements in sections

robert.mcclain
Level 1

Is there a rule of thumb or general guideline for where you place these NAT statements?

I see 3 sections and after reading some posts I see a lot of "after-auto", which places the NAT statement in section 3.

I read the part in this document (http://www.cisco.com/en/US/partner/docs/security/asa/asa84/configuration/guide/nat_overview.html#wp1118157) on the rule order, but I am still unclear.

Accepted Solutions

Jouni Forss
VIP Alumni

Hi,

I would suggest reading a document I wrote here on the forums on the "Documents" section.

https://supportforums.cisco.com/docs/DOC-31116

It explains, for example, the NAT rule ordering and the way I use the different Sections.

In general I would place the typical different types of NAT in the following way

Section 1

  • NAT0 / NAT Exempt
  • Policy type NAT configurations
  • Any other special/uncommon NAT configurations

Section 2

  • Static NAT
  • Static PAT

Section 3

  • Default Dynamic PAT/NAT rules meant for the majority of the users. The last section is the natural place for them as this rule should be the "last resort" for basic traffic through the firewall.

Hope this helps

Remember to mark the reply as the correct answer if it answered your question.

Naturally ask more here in this discussion if you want some more specific answers than the document provides.

- Jouni
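
The placement described in the answer above, as an added example that is not part of the original post or of Cisco's documentation: an ASA 8.3+ style configuration in which every object name, interface name and address is constructed for illustration. A manual `nat` statement without `after-auto` lands in Section 1, a `nat` line inside `object network` lands in Section 2, and a manual statement with `after-auto` lands in Section 3; the ASA evaluates the sections in that order and uses the first rule that matches.

```cisco
! Constructed sample: names and addresses are illustrative only.
object network LAN
 subnet 10.10.10.0 255.255.255.0
object network REMOTE-LAN
 subnet 10.20.20.0 255.255.255.0
object network PARTNER-NET
 subnet 198.51.100.0 255.255.255.0
object network LAN-POLICY-PAT
 host 203.0.113.20
!
! --- Section 1: manual NAT (no "after-auto") ---
! NAT0 / NAT exempt for LAN-to-LAN VPN traffic
nat (inside,outside) source static LAN LAN destination static REMOTE-LAN REMOTE-LAN
! Policy NAT: LAN uses a dedicated PAT address only towards PARTNER-NET
nat (inside,outside) source dynamic LAN LAN-POLICY-PAT destination static PARTNER-NET PARTNER-NET
!
! --- Section 2: auto NAT ("nat" inside the object) ---
! Static NAT for a DMZ server
object network WEB-SERVER
 host 10.10.30.10
 nat (dmz,outside) static 203.0.113.10
! Static PAT (port forward) on the outside interface address
object network MAIL-SERVER
 host 10.10.30.25
 nat (dmz,outside) static interface service tcp smtp smtp
!
! --- Section 3: manual NAT with "after-auto" ---
! Default dynamic PAT, the last resort for traffic not matched above
nat (inside,outside) after-auto source dynamic any interface
```

`show nat` lists the rules grouped by section, which confirms where each statement ended up. If the last rule were entered without `after-auto`, it would sit in Section 1 and match before the Section 2 static rules.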


2 Replies

Thanks for the answer and the link, reading it now.