Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
344
Views
0
Helpful
2
Replies

NAT Processing Order

GRANT3779
Spotlight
Spotlight

‎02-05-2014 04:44 AM - edited ‎03-04-2019 10:15 PM

Hi All,

If I have multiple NAT statements on a router how are they processed? Is there some sort of sequential order or does it use the more specific statement?

E.G if I have a NAT command which has an ACL denying certain traffic, but another NAT command with an ACL allowing that traffic, what is processed?

Thanks

Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎02-05-2014 05:11 AM

Generally speaking static NAT takes precedence over dynamic NAT. For the ASA firewall the docs do actually state the exact order but for IOS i can't find a similiar doc.

In terms of your specific question it shouldn't matter which is processed first because they are both processed so the right NAT would happen ie.

if the deny was matched first then that NAT statement is simply not applied but then the NAT statement with the permit would be matched so it would still work.

It is not like an acl where once it is matched all processing stops, processing only stops for that specific NAT statement.

Are you having an issue with NAT ?

Jon

0 Helpful

GRANT3779
Spotlight
Spotlight
In response to Jon Marshall

‎02-05-2014 05:42 AM

Hi Jon,

Thanks for the info. Not having any issues. I was setting up some NATs and I just started to wonder about how it was actually processed. Didn't really give it too much thought previously.

What you have said makes sense so thanks!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card