I actually ran into this because I have a situation with an ASA that has 2 different ISP connections. I need to PAT most traffic out one interface and PAT traffic destined to a specific other internet destination out another interface.
I found out that under the network object configuration you can only have a single auto NAT rule. So, how is this usually done? I can think of 2 ways:

1) Auto NAT - You create two different network objects that define everything, like this

    object network obj-any
     subnet 0.0.0.0 0.0.0.0
     nat (inside,outside) dynamic interface
    !
    object network obj-any2
     subnet 0.0.0.0 0.0.0.0
     nat (inside,outside2) dynamic interface

2) Manual NAT - Just create two rules

    nat (inside,outside) source dynamic any interface
    nat (inside,outside2) source dynamic any interface

Thoughts?

On Tue, Jun 18, 2013 at 2:49 PM, Joe Astorino <[email protected]> wrote:

> Thanks all - Anthony yes yes...I've been putting off 8.3 + NAT for too
> long!
>
> Sent from my iPhone
>
> On Jun 18, 2013, at 1:25 PM, Anthony Sequeira <
> [email protected]> wrote:
>
> Look on the bright side Joe – in the new exam – you will most likely get
> to enjoy both versions. :-\
>
> From: Piotr Kaluzny <[email protected]>
> Date: Tuesday, June 18, 2013 12:45 PM
> To: joeastorino1982 <[email protected]>
> Cc: "[email protected] | CCIE security" <
> [email protected]>
> Subject: Re: [OSL | CCIE_Security] ASA 8.4 dynamic PAT
>
> Joe
>
> Auto-NAT is for simple source translations and/or redirection. Manual NAT
> is what you have to use when you want to add some policy/conditions to the
> equation, like when you want to only translate packets going to a
> particular destination
>
> Regards,
> --
> Piotr Kaluzny
> CCIE #25665 (Security), CCSP, CCNP
> Sr. Technical Instructor - IPexpert, Inc.
> URL: http://www.IPexpert.com
>
>
> On Tue, Jun 18, 2013 at 6:13 PM, Joe Astorino
> <[email protected]> wrote:
>
>> Hi guys,
>>
>> Just starting down the road of the new ASA NAT. I have a simple
>> question. I see there are 2 ways you can do dynamic PAT
>>
>> 1) Auto NAT
>>
>> object network obj_any
>>  subnet 0.0.0.0 0.0.0.0
>>  nat (inside,outside) dynamic interface
>>
>> 2) Manual NAT
>>
>> nat (inside,outside) source dynamic any interface
>>
>>
>> Any preference as to which one and why? Most examples I see are
>> referencing the auto NAT method for this purpose. I know manual NAT is
>> ahead of auto NAT from a precedence standpoint, just wondering why one
>> might use one or the other?
>>
>> Sigh...I miss the old way
>>
>> --
>> Regards,
>>
>> Joe Astorino
>> CCIE #24347
>> http://astorinonetworks.com
>>
>> "He not busy being born is busy dying" - Dylan
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com
>>
>
>

--
Regards,

Joe Astorino
CCIE #24347
http://astorinonetworks.com

"He not busy being born is busy dying" - Dylan
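Added example, not part of the original thread: one way to combine the two NAT styles discussed above for the dual-ISP case, with a manual NAT rule that matches on destination (the condition Piotr describes) ahead of a catch-all auto NAT rule. The object name PARTNER-DEST and all addresses are constructed placeholders; the interface names are the ones used in the thread.

```cisco
! Constructed names and addresses (assumptions, not from the thread):
!   PARTNER-DEST / 203.0.113.10 = the specific internet destination
!   198.51.100.1                = next hop reachable on outside2
!   10.1.1.10                   = a sample inside host used for testing
!
object network PARTNER-DEST
 host 203.0.113.10
!
! Section 1 (manual NAT), evaluated first: PAT to the outside2 interface
! address only when the packet is going to PARTNER-DEST. Naming the same
! object twice after "destination static" leaves the destination untranslated.
nat (inside,outside2) source dynamic any interface destination static PARTNER-DEST PARTNER-DEST
!
! Section 2 (auto NAT): default PAT for everything else out "outside".
object network obj_any
 subnet 0.0.0.0 0.0.0.0
 nat (inside,outside) dynamic interface
!
! Host route so that forwarding agrees with the NAT rule.
route outside2 203.0.113.10 255.255.255.255 198.51.100.1
!
! Checks to run after applying:
!   show nat detail
!   packet-tracer input inside tcp 10.1.1.10 12345 203.0.113.10 443
!   packet-tracer input inside tcp 10.1.1.10 12345 192.0.2.50 443
! The first trace should hit the manual rule and leave via outside2;
! the second should hit the auto NAT rule and leave via outside.
```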
