Solved: Understanding "after-auto" in the new NAT format in version 8.3.2

Kevin Melton · ‎12-13-2010

Forum

I was going thru some planning stages for a client whom will be updating their ASA code on two boxes Wednesday evening to 8.3.2. I was going thru the migration guide and just trying to get a grip on the new way to configure NAT statements.

There was one question I can across as I was examining the way in which NAT is written. I cut this from the configuration:

configure mode commands/options:
<1-2147483647> Position of NAT rule within before auto section
after-auto Insert NAT rule after auto section
source Source NAT parameters
lo-asa(config-network-object)# nat (inside,outside) st?

network-object mode commands/options:
static
lo-asa(config-network-object)# nat (inside,outside)

I am not sure what after-auto is or even what "auto" is. What is the auto section? Thanks for helping out here.

Kevin

Panos Kampanakis · ‎12-13-2010

After auto is if you want to put a manual nat (used to be called policy nat) below auto-nat.

Manual nat by default goes before auto-nat. So you will use that option if you want auto-nat take precedence from one of your manual nat rules.

I hope it makes sense.

PK

View solution in original post

Panos Kampanakis · ‎12-13-2010

After auto is if you want to put a manual nat (used to be called policy nat) below auto-nat.

Manual nat by default goes before auto-nat. So you will use that option if you want auto-nat take precedence from one of your manual nat rules.

I hope it makes sense.

PK

Kevin Melton · ‎02-03-2011

That did make sense. Thanks for the response.

Kevin