Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2765
Views
2
Helpful
3
Replies

Manual NAT vs Object NAT

Magesh Kumar
Level 1
Level 1

‎11-16-2019 10:46 PM - last edited on ‎03-09-2022 11:25 PM by Community Manager

Hi team,

 

What is the exact difference between Manual NAT and Object NAT in Cisco ASA?

 

With Regards,

Magesh Kumar G

Regards,
Magesh Kumar G
Labels:
0 Helpful
3 Replies 3

Georg Pauwen
VIP
VIP

‎11-17-2019 12:21 AM

Hello,

 

(network) object NAT simply means that a network object is referenced in the NAT statement. Object NAT can be used for dynamic NAT, dynamic PAT, static NAT or static NAT-with-Port-Translation, and Identity NAT.

 

Manual NAT is a flavor of object NAT.

 

Have a look at the two links below:

 

Configuring Network Object NAT

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/nat_objects.html

 

Manual NAT

 

https://www.practicalnetworking.net/stand-alone/cisco-asa-nat/#manualnat

0 Helpful

Spooster IT Services
Level 7
Level 7

‎11-21-2022 04:01 AM

Hi Magesh ,

- The major difference in between Manual NAT & Object NAT ( Auto NAT ) is that in Object nat the nat order is maintained automatically ( the static nats are prefferred over dynamic nats ) while in manual nat we have to specify the order manually while configuring Nats and if not specified , they'll take the order in which they're configured 

- Manual Nat is mainly used when we need to configure Conditional NAT as Object Nat doesn't support conditional nat .  

Spooster IT Services Team

adwaita
Level 1
Level 1

‎10-02-2023 09:35 PM - edited ‎10-02-2023 09:47 PM

Hi @Magesh Kumar 

Hope you find your answer. But I thought of adding my answer for them who revisit this page like me for the finest answer.

The Cisco ASA appliance can implement address translation in two ways: network object (auto) NAT and manual NAT. The main differences between these two NAT types are:

1) How you define the real address.
2) How source and destination NAT is implemented.

1) How you define the real address:

Network object NAT: You define NAT as a parameter for a network object.

Example:
object network WEB-SERVER-SSH
host 172.16.30.15
nat (inside,outside) static 72.6.6.15 service tcp 22 2222

 

Manual NAT: In this case, NAT is not a parameter of the network object, but the network object or group is a parameter of the NAT configuration.

Example:
object network SERVER_X
host 172.16.30.100

object network SERVER_X_PUBLIC
host 100.1.1.1

nat (inside,outside) source static SERVER_X SERVER_X_PUBLIC

 

2) How source and destination NAT is implemented:

Network object NAT: Each rule can apply to either the source or the destination of a packet. Therefore, two rules might be used, one for the source IP address, and one for the destination IP address.

Manual NAT: A single rule translates both the source and destination.


In addition to this, Manual NAT can do everything that Object/Auto NAT can, and a little extra – namely, Policy NAT and Twice NAT.

 

Hit Like and vote if you find this helpful. Thank you!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card