Usually they use dynamic PAT as a last mechanism. If you have static NATs or other important dynamic NAT or specific PATs, you would want to give them more preference over PATing the entire range, as in your example (0.0.0.0).

In your example, if you use manual NAT and you have entered this at the beginning, then this takes precedence over all other NAT statements. The order you enter for manual NAT matters. Hence it's best to use such a use case in auto NAT, and auto NAT, i.e. Section 2, automatically reorders the NAT statements for best match. If you only have this NAT scenario in your network and no other NAT statements, then it really does not matter.

Sam

Sent from Samsung Mobile

-------- Original message --------
From: Joe Astorino <[email protected]>
Date: 18/06/2013 21:43 (GMT+05:30)
To: OSL Security <[email protected]>
Subject: [OSL | CCIE_Security] ASA 8.4 dynamic PAT

Hi guys,

Just starting down the road of the new ASA NAT. I have a simple question. I see there are 2 ways you can do dynamic PAT:

1) Auto NAT

    object network obj_any
     subnet 0.0.0.0 0.0.0.0
     nat (inside,outside) dynamic interface

2) Manual NAT

    nat (inside,outside) source dynamic any interface

Any preference as to which one and why? Most examples I see are referencing the auto NAT method for this purpose. I know manual NAT is ahead of auto NAT from a precedence standpoint, just wondering why one might use one or the other?

Sigh... I miss the old way

--
Regards,

Joe Astorino
CCIE #24347
http://astorinonetworks.com

"He not busy being born is busy dying" - Dylan
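An added example, not part of the original thread and not Cisco code: a simplified Python model of the NAT table order discussed above (Section 1 manual NAT in the order entered, then Section 2 auto NAT sorted static before dynamic and fewest real addresses first, then Section 3 after-auto manual NAT). It matches on source address only and ignores interfaces and destinations; the object names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str      # object name (auto NAT) or a label (manual NAT)
    section: int   # 1 = manual NAT, 2 = auto NAT, 3 = manual NAT after-auto
    kind: str      # "static" or "dynamic"
    real: str      # real (pre-translation) source network
    seq: int = 0   # position as entered; only manual NAT uses it

def lookup_order(rules):
    """Return rules in the order the simplified model evaluates them."""
    def key(r):
        if r.section != 2:
            return (r.section, r.seq, 0, 0, "")
        net = ipaddress.ip_network(r.real)
        # Auto NAT: static before dynamic, fewest real addresses first,
        # then lowest address, then object name.
        return (2, int(r.kind != "static"), net.num_addresses,
                int(net.network_address), r.name)
    return sorted(rules, key=key)

def first_match(rules, src):
    """Name of the first rule whose real network contains src."""
    ip = ipaddress.ip_address(src)
    for r in lookup_order(rules):
        if ip in ipaddress.ip_network(r.real):
            return r.name
    return None

# Constructed sample rule sets (names and addresses are made up).
SPECIFIC = [
    Rule("obj_dmz", 2, "dynamic", "10.1.2.0/24"),
    Rule("obj_web", 2, "static", "10.1.1.10/32"),
]
# Variant 1 from the thread: catch-all PAT as an auto NAT object.
AUTO_PAT = SPECIFIC + [Rule("obj_any", 2, "dynamic", "0.0.0.0/0")]
# Variant 2 from the thread: catch-all PAT as the first manual NAT rule.
MANUAL_PAT = SPECIFIC + [Rule("manual_any", 1, "dynamic", "0.0.0.0/0", seq=1)]

if __name__ == "__main__":
    for label, rules in (("auto", AUTO_PAT), ("manual", MANUAL_PAT)):
        for src in ("10.1.1.10", "10.1.2.5", "192.168.5.5"):
            print(label, src, "->", first_match(rules, src))
```

With the catch-all in Section 1, every source in this model hits the PAT rule before the more specific auto NAT objects are consulted; as an auto NAT object it sorts last.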
