Hi Joe; Main difference, you can change the order of the NAT statements, with Auto, you cant.
For Dynamic NAT/PAT, I would definitely encourage you to use Auto NAT and for Statics to use Manual, here is an example why: If you have an inbound connection and the Dynamic PAT is configured first than the Static for the inbound connection, The PAT is going to take precedence and the packet would be drop because of RPF. You will need to configure, from that point forward all the NATs as manual, because you cannot move the order on the Auto NAT section. Here is a good Doc (Not that you need it, but it would be nice to remember): https://supportforums.cisco.com/docs/DOC-9129 Hope it helps. Mike Date: Tue, 18 Jun 2013 12:13:43 -0400 From: [email protected] To: [email protected] Subject: [OSL | CCIE_Security] ASA 8.4 dynamic PAT Hi guys, Just starting down the road of the new ASA NAT. I have a simple question. I see there are 2 ways you can do dynamic PAT 1) Auto NAT object network obj_any subnet 0.0.0.0 0.0.0.0 nat (inside,outside) dynamic interface 2) Manual NAT nat (inside,outside) source dynamic any interface Any preference as to which one and why? Most examples I see are referencing the auto NAT method for this purpose. I know manual NAT is ahead of auto NAT from a precedence stand point, just wondering why one might use one or the other? Sigh...I miss the old way -- Regards, Joe Astorino CCIE #24347 http://astorinonetworks.com "He not busy being born is busy dying" - Dylan _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
