Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
686
Views
0
Helpful
6
Replies

Policy Nat

Go to solution
opnineopnine
Level 1
Level 1

‎12-02-2014 12:02 PM - edited ‎03-11-2019 10:10 PM

Hi all,

 

Please can someone explain when I should I use Policy Nat?

 

thanks.

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mike Schultz
Level 1
Level 1

‎12-02-2014 12:29 PM

You want to use policy NAT when certain traffic needs to be NAT'd. and other traffic does not. 

 

In my network, we have a business partner that connects to us that has overlapping networks ranges with a different partner, but only from part of our network. They have a single server (192.168.10.85) that users on our network need to access. Users on half of our network (10.15.0.0/16) need to be NAT'd, but users on the rest of the network (10.20.0.0/16) do not need to be NAT'd. We use policy NAT to specify that when traffic has a source address of 10.20.0.0/16 and a destination address of 192.168.10.85, the traffic is not NAT'd. Conversely, we specify that if traffic has a source address of 10.15.0.0/16 and a destination address of 192.168.10.85, the traffic will be NAT'd.

 

That is policy NAT.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Mike Schultz
Level 1
Level 1

‎12-02-2014 12:29 PM

You want to use policy NAT when certain traffic needs to be NAT'd. and other traffic does not. 

 

In my network, we have a business partner that connects to us that has overlapping networks ranges with a different partner, but only from part of our network. They have a single server (192.168.10.85) that users on our network need to access. Users on half of our network (10.15.0.0/16) need to be NAT'd, but users on the rest of the network (10.20.0.0/16) do not need to be NAT'd. We use policy NAT to specify that when traffic has a source address of 10.20.0.0/16 and a destination address of 192.168.10.85, the traffic is not NAT'd. Conversely, we specify that if traffic has a source address of 10.15.0.0/16 and a destination address of 192.168.10.85, the traffic will be NAT'd.

 

That is policy NAT.

0 Helpful

Go to solution
opnineopnine
Level 1
Level 1
In response to Mike Schultz

‎12-02-2014 12:41 PM

Hi Mike,

Will this be a configuration of policy?

 

access-list PolicyNAT-Cust1 extended permit ip host Oracle 142.101.64.0 255.255.255.0 
access-list PolicyNAT-Cust1 extended permit ip host Oracle 142.101.65.0 255.255.255.0 
!
nat (DMZ-MGMT) 10 access-list PolicyNAT-Cust1 outside

 

Thanks.

0 Helpful

Go to solution
Mike Schultz
Level 1
Level 1
In response to opnineopnine

‎12-02-2014 12:41 PM

This is on an ASA? Which version?

0 Helpful

Go to solution
opnineopnine
Level 1
Level 1
In response to Mike Schultz

‎12-02-2014 02:50 PM

This is a 8.2 version.

 

Thanks.

0 Helpful

Go to solution
Mike Schultz
Level 1
Level 1
In response to opnineopnine

‎12-02-2014 02:53 PM

paste the output from sh run nat

0 Helpful

Go to solution
opnineopnine
Level 1
Level 1
In response to Mike Schultz

‎12-02-2014 03:24 PM

Hello Mike,

 

I cant paste it because of the info we have for the customer, but thanks for your help. I will keep looking form more examples.

 

Thanks!!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card