NAT rules clarification

Albert Succar
Level 1

Hi all,

I understand the concept of NAT and why it is used.  However, I am a bit confused given the following command: 

object network obj-internal
 nat (inside,outside) dynamic interface

Please correct me if I am wrong, but so far I understand that this command creates a network object named "obj-internal", and creates a rule for traffic from the inside interface to the outside interface.  However, I am confused with the dynamic interface portion.  Could somebody please elaborate more on the meaning/use of this part?  All help is greatly appreciated.

Accepted Solutions

To create an object you also need a definition of what this object is. So you also need something like a host or a subnet statement.

For this object you want to specify how the internal IP addresses (on the inside network) are translated when communicating with the outside network. The NAT command in your example uses a dynamic translation (in contrast to static NAT, which is typically used for outside-to-inside traffic or when an inside host should always get the same IP on the outside) that always uses the outside IP address of the ASA. So regardless of which internal host communicates to the outside, they all show up with that one IP on the destination system.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
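
The behaviour described in the accepted answer, as an added Python model that is not part of the original thread and is not Cisco's implementation: every inside host leaves with the one outside IP, and only the mapped port tells the flows apart on the way back. The class name `InterfacePat`, the sample addresses, and the port-selection policy (keep the source port if free, otherwise take the next free one) are assumptions made for illustration.

```python
# Simplified model of "nat (inside,outside) dynamic interface" (an assumption-based
# illustration, not ASA code). All addresses are constructed sample values.
import ipaddress

class InterfacePat:
    def __init__(self, inside_subnet, outside_ip, port_range=(1024, 65535)):
        self.inside = ipaddress.ip_network(inside_subnet)  # the object's subnet statement
        self.outside_ip = outside_ip                       # IP of the outside interface
        self.lo, self.hi = port_range
        self.out_map = {}  # (proto, inside_ip, inside_port) -> mapped port
        self.in_map = {}   # (proto, mapped_port) -> (inside_ip, inside_port)

    def translate_outbound(self, proto, src_ip, src_port):
        """Return the (ip, port) the destination sees, or None if the rule does not match."""
        if ipaddress.ip_address(src_ip) not in self.inside:
            return None
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            port = self._allocate(proto, src_port)
            self.out_map[key] = port
            self.in_map[(proto, port)] = (src_ip, src_port)
        return (self.outside_ip, self.out_map[key])

    def _allocate(self, proto, preferred):
        # Assumed policy: keep the original source port when free, else next free port.
        for port in [preferred, *range(self.lo, self.hi + 1)]:
            if (proto, port) not in self.in_map:
                return port
        raise RuntimeError("PAT ports exhausted for " + proto)

    def translate_inbound(self, proto, dst_port):
        """Return traffic is matched on the mapped port; unknown ports have no entry."""
        return self.in_map.get((proto, dst_port))

def demo():
    pat = InterfacePat("192.168.1.0/24", "203.0.113.1")
    a = pat.translate_outbound("tcp", "192.168.1.10", 50000)
    b = pat.translate_outbound("tcp", "192.168.1.20", 50000)  # same port, other host
    c = pat.translate_outbound("tcp", "10.9.9.9", 50000)      # not in the object's subnet
    return pat, a, b, c

if __name__ == "__main__":
    pat, a, b, c = demo()
    print("seen by destination:", a, b, "unmatched source:", c)
    print("return to mapped port:", pat.translate_inbound("tcp", b[1]))
    print("inbound with no entry:", pat.translate_inbound("tcp", 8080))
```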
