Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1403
Views
0
Helpful
2
Replies

Two NATs, same origin ASA 8.3

samuelsancho
Level 1
Level 1

‎05-18-2010 04:07 AM - edited ‎03-11-2019 10:47 AM

Hi, whats happens in ASA 8.3 if you have two NATs with the same origin (i.e 192.168.1.3) and different outside (i.e 10.10.10.5 and 10.10.11.5)?. In older release of ASA it works by position in list so the first NAt is the first applied. Works in ASA 8.3 in the same way??.

Thank you in advance

Regards

Samuel

Labels:
0 Helpful
2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

‎05-18-2010 04:21 AM

For NAT in version 8.3, here is the NAT order of operation for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1118157

With twice NAT, the order is as how it is entered in the configuration.

With network object NAT, it's static NAT takes precedence over dynamic NAT.

So from your description, I assume that you configure your policy NAT under twice NAT, so you are right. It is the same as the older version, ie: as you entered the NAT statements in the configuration.

Hope that helps.

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee

‎05-18-2010 10:00 AM

To add to hajelins answer, it should work in 8.3 also.

The syntax will change automatically when you migrate/upgrade.

but translating an ip address based on the destination ip address is still do-able.

I hope it helps.

PK

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card