Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
643
Views
0
Helpful
4
Replies

Identity NAT question ASA Firewall 8.2

Go to solution
fersherls
Level 1
Level 1

‎01-20-2017 08:40 AM - edited ‎03-08-2019 08:59 AM

Hi Everyone

I got 2 questions regarding Identity NAT on an ASA version 8.2

I've got to configure Identity NAT for a whole segment lets say 10.10.10.0 255.255.255.0 and the way i'm going to do it its the next one

static (CORE,inside) 10.10.10.0 10.10.10.0 netmask 255.255.255.0

I've read that configured this way lets say if 10.10.10.10 gets to the ASA it will be NATed to 10.10.10.10 is that correct?

Also I wanna know how is the order of static NAT because there's already a static NAT in the ASA like this one

static (CORE,inside) 10.101.13.212 10.10.10.5 netmask 255.255.255.255

And because this line is already configured, what will happen if I configured the whole segment like this

static (CORE,inside) 10.10.10.0 10.10.10.0 netmask 255.255.255.0

It will respect the host NAT even when I configured the whole segment in another line? I don't know if it works like the Longest Prefix Match logic when the more specific the segment that's the one it will choose.

Thanks in advance

Best Regards!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎01-20-2017 08:50 PM

Hi

the static nat is done on ASA by following the rule first match first applied. 

Here a link that can help you to understand:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_overview.html#wp1079279

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎01-20-2017 08:50 PM

Hi

the static nat is done on ASA by following the rule first match first applied. 

Here a link that can help you to understand:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_overview.html#wp1079279

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
fersherls
Level 1
Level 1
In response to Francesco Molino

‎01-30-2017 08:09 AM

Thanks Francesco, that was really helpful.

Best Regards!

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to fersherls

‎01-30-2017 08:16 AM

You're very welcome


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
fersherls
Level 1
Level 1

‎01-30-2017 08:08 AM

Thanks Francesco, that was really helpful.

Best Regards!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card