02-05-2014 04:44 AM - edited 03-04-2019 10:15 PM
Hi All,
If I have multiple NAT statements on a router how are they processed? Is there some sort of sequential order or does it use the more specific statement?
E.G if I have a NAT command which has an ACL denying certain traffic, but another NAT command with an ACL allowing that traffic, what is processed?
Thanks
02-05-2014 05:11 AM
Generally speaking static NAT takes precedence over dynamic NAT. For the ASA firewall the docs do actually state the exact order but for IOS i can't find a similiar doc.
In terms of your specific question it shouldn't matter which is processed first because they are both processed so the right NAT would happen ie.
if the deny was matched first then that NAT statement is simply not applied but then the NAT statement with the permit would be matched so it would still work.
It is not like an acl where once it is matched all processing stops, processing only stops for that specific NAT statement.
Are you having an issue with NAT ?
Jon
02-05-2014 05:42 AM
Hi Jon,
Thanks for the info. Not having any issues. I was setting up some NATs and I just started to wonder about how it was actually processed. Didn't really give it too much thought previously.
What you have said makes sense so thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide