Cisco ASA – NAT Order of Operations
Someone shared this NAT order of operations flow and I thought it would be good info to put out on the site in case someone needed it. Here it is:
- nat 0 access-list (nat-exempt)
- match against existing xlates
- static
  - static nat with and without access-list (first match)
  - static pat with and without access-list (first match)
- nat
  - a) nat access-list (first match)
    Note: nat 0 access-list is not part of this command.
  - b) nat (best match)
    Note: When choosing a global address from multiple pools with the same nat id, the following order is tried:
    - i) if the id is 0, create an identity xlate.
    - ii) use the global pool for dynamic NAT
    - iii) use the global pool for dynamic PAT
- Error
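
The order above, modelled as a small Python function for checking which rule a given flow would hit. This is an added example, not code from the original post or from Cisco; the rule shapes, the `CFG` keys, and reading "best match" as longest prefix are assumptions, and static rules are matched on real source address only.

```python
import ipaddress

def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def pick_global(nat_id, cfg):
    """Pool order from the note: identity for id 0, dynamic NAT, then dynamic PAT."""
    if nat_id == 0:
        return ("identity", None)
    pools = cfg["global"].get(nat_id, {})
    for kind in ("dynamic-nat", "dynamic-pat"):
        if pools.get(kind):  # an empty or missing pool falls through
            return (kind, pools[kind])
    return ("error", None)

def select_translation(src, dst, cfg, xlates=None):
    """Walk the stages in the order listed on the page; return (stage, detail)."""
    acl_hit = lambda acl: any(_in(src, a) and _in(dst, b) for a, b in acl)
    if acl_hit(cfg["nat0_acl"]):                    # nat 0 access-list (nat-exempt)
        return ("nat-exempt", None)
    if xlates and src in xlates:                    # existing xlates
        return ("existing-xlate", xlates[src])
    for stage in ("static-nat", "static-pat"):      # static: NAT then PAT, first match
        for real, mapped in cfg[stage]:
            if _in(src, real):
                return (stage, mapped)
    for nat_id, acl in cfg["policy_nat"]:           # nat a) access-list, first match
        if acl_hit(acl):
            return pick_global(nat_id, cfg)
    hits = [(ipaddress.ip_network(n).prefixlen, i)  # nat b) best match, assumed
            for i, n in cfg["nat"] if _in(src, n)]  # here to mean longest prefix
    if hits:
        return pick_global(max(hits)[1], cfg)
    return ("error", None)                          # nothing matched: Error

# Constructed sample configuration (all addresses are illustrative).
CFG = {
    "nat0_acl": [("10.1.1.0/24", "192.168.50.0/24")],
    "static-nat": [("10.1.1.10/32", "203.0.113.10")],
    "static-pat": [],
    "policy_nat": [(2, [("10.1.2.0/24", "198.51.100.0/24")])],
    "nat": [(1, "10.1.0.0/16"), (0, "10.1.9.0/24")],
    "global": {1: {"dynamic-nat": [], "dynamic-pat": "203.0.113.1"},
               2: {"dynamic-nat": ["203.0.113.20"]}},
}
```

With this sample, host 10.1.1.10 is exempted when talking to 192.168.50.0/24 even though a static exists for it, which is the case that most often surprises people reviewing a rule base.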