Cisco ASA 5505 Configuration Manual page 517

Asa 5500 series

Hide thumbs Also See for ASA 5505:

Getting started manual (168 pages)

Administrator's manual (118 pages)

Hardware installation manual (82 pages)

Table of Contents

Information About NAT

NAT Rule Order

Network object NAT rules and twice NAT rules are stored in a single table that is divided into three

sections. Section 1 rules are applied first, then section 2, and finally section 3.

order of rules within each section.

Table Section Rule Type

For section 2 rules for example, you have the following IP addresses defined within network objects:

NAT Rule Table

Network object NAT Section 2 rules are applied in the following order, as

192.168.1.0/24 (static)

192.168.1.0/24 (dynamic)

10.1.1.0/24 (static)

192.168.1.1/32 (static)

172.16.1.0/24 (dynamic) (object def)

172.16.1.0/24 (dynamic) (object abc)

Order of Rules within the Section

Applied on a first match basis, in the order they appear in the

configuration. By default, twice NAT rules are added to

If you configure VPN, the client dynamically adds

invisible NAT rules to the end of this section. Be sure

that you do not configure a twice NAT rule in this

section that might match your VPN traffic, instead of

matching the invisible rule. If VPN does not work due

to NAT failure, consider adding twice NAT rules to

section 3 instead.

automatically determined by the adaptive security appliance:

Static rules.

Dynamic rules.

Within each rule type, the following ordering guidelines are

Quantity of real IP addresses—From smallest to

largest. For example, an object with one address will

be assessed before an object with 10 addresses.

For quantities that are the same, then the IP address

number is used, from lowest to highest. For example,

10.1.1.0 is assessed before 11.1.1.0.

If the same IP address is used, then the name of the

network object is used, in alphabetical order. For

example, abracadabra is assessed before catwoman.

Section 3 rules are applied on a first match basis, in the order

they appear in the configuration. You can specify whether to

add a twice NAT rule to section 3 when you add the rule.

Cisco ASA 5500 Series Configuration Guide using ASDM

NAT Rule Order

Show Quick Links

Chapters

Table of Contents

Asa 5510 Asa 5540 Asa 5520 Asa 5550 Asa 5580

Cisco ASA 5505 Configuration Manual page 517

Hide quick links:

Chapters

Related Manuals for Cisco ASA 5505

Related Products for Cisco ASA 5505

This manual is also suitable for:

Table of Contents