
Manual NAT vs Object NAT

Magesh Kumar
Level 1

Hi team,

 

What is the exact difference between Manual NAT and Object NAT in Cisco ASA?

 

With Regards,

Magesh Kumar G


Hello,

 

(network) object NAT simply means that a network object is referenced in the NAT statement. Object NAT can be used for dynamic NAT, dynamic PAT, static NAT or static NAT-with-Port-Translation, and Identity NAT.

 

Manual NAT is a flavor of object NAT.

 

Have a look at the two links below:

 

Configuring Network Object NAT

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/nat_objects.html

 

Manual NAT

 

https://www.practicalnetworking.net/stand-alone/cisco-asa-nat/#manualnat

Hi Magesh,

- The major difference between Manual NAT and Object NAT (Auto NAT) is that in Object NAT the NAT order is maintained automatically (static NATs are preferred over dynamic NATs), while in Manual NAT we have to specify the order manually while configuring the NAT rules; if not specified, they take the order in which they are configured.

- Manual NAT is mainly used when we need to configure conditional NAT, as Object NAT doesn't support conditional NAT.

Spooster IT Services Team

adwaita
Level 1

Hi @Magesh Kumar 

I hope you found your answer. But I thought of adding my answer for those who revisit this page, like me, looking for the finest answer.

The Cisco ASA appliance can implement address translation in two ways: network object (auto) NAT and manual NAT. The main differences between these two NAT types are:

1) How you define the real address.
2) How source and destination NAT is implemented.

1) How you define the real address:

Network object NAT: You define NAT as a parameter for a network object.

Example:
object network WEB-SERVER-SSH
 host 172.16.30.15
 nat (inside,outside) static 72.6.6.15 service tcp 22 2222

 

Manual NAT: In this case, NAT is not a parameter of the network object, but the network object or group is a parameter of the NAT configuration.

Example:
object network SERVER_X
 host 172.16.30.100

object network SERVER_X_PUBLIC
 host 100.1.1.1

nat (inside,outside) source static SERVER_X SERVER_X_PUBLIC

 

2) How source and destination NAT is implemented:

Network object NAT: Each rule can apply to either the source or the destination of a packet. Therefore, two rules might be used, one for the source IP address, and one for the destination IP address.

Manual NAT: A single rule translates both the source and destination.


In addition to this, Manual NAT can do everything that Object/Auto NAT can, and a little extra – namely, Policy NAT and Twice NAT.

 

Hit Like and vote if you find this helpful. Thank you!!
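
The Policy NAT and Twice NAT cases named in the last reply, together with the rule ordering described in the second reply, as an added configuration example (it is not taken from any of the posts above). All object names and addresses are constructed for illustration from RFC 1918 and RFC 5737 ranges, and the syntax assumes ASA 8.3 or later.

```cisco
! Constructed example: object names and addresses are hypothetical.
object network INSIDE_NET
 subnet 172.16.30.0 255.255.255.0
object network INSIDE_NET_FOR_PARTNER
 subnet 192.0.2.0 255.255.255.0
object network PARTNER_NET
 subnet 198.51.100.0 255.255.255.0
object network APP_SRV_REAL
 host 203.0.113.10
object network APP_SRV_AS_SEEN_INSIDE
 host 10.99.99.10
!
! Policy (conditional) NAT: INSIDE_NET is translated to
! INSIDE_NET_FOR_PARTNER only when the destination is PARTNER_NET.
! The destination pair is identical, so the destination is matched
! but left untranslated.
nat (inside,outside) source static INSIDE_NET INSIDE_NET_FOR_PARTNER destination static PARTNER_NET PARTNER_NET
!
! Twice NAT: one rule rewrites both addresses. Inside hosts connect to
! 10.99.99.10; the ASA PATs the source to the outside interface and
! rewrites the destination to 203.0.113.10.
! Argument order after "destination static" is mapped object, then real object.
nat (inside,outside) source dynamic INSIDE_NET interface destination static APP_SRV_AS_SEEN_INSIDE APP_SRV_REAL
!
! Catch-all PAT placed in section 3 with "after-auto": evaluated only
! after the manual rules above (section 1, in configured order) and all
! object NAT rules (section 2, ordered automatically).
nat (inside,outside) after-auto source dynamic any interface
```

`show nat` lists the resulting rules grouped by section, which is the quickest way to confirm that a broad manual rule is not shadowing a more specific object NAT rule.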
