Videos: ACIT.in Class Video 3 – NAT on the ASA – record date 3/9/2015

Notes:

• This might be a small point section, but it is critical since it impacts core reachability
• The issue with NAT is that we are responsible for 8.2 and 8.6 code versions! “Old” NAT and “New” NAT
• Dynamic NAT/PAT 8.2
  • nat and global commands
  • show xlate
  • packet-tracer
  • nat-control
• Dynamic NAT/PAT 8.6
  • There is no nat-control any longer
  • Remember – if there is a matching nat rule – there must be an address available for translation
  • No static or global commands, just nat command
  • Manual or object NAT
  • Manual – nat (inside,outside) source dynamic any interface…
  • show nat – notice sequence numbering
• Static 8.2
  • static (inside, outside) 135.1.1.1 192.168.1.1
  • Remember, the above command is bidirectional
  • In 8.2, static always take precedence over dynamic
  • In 8.2, access lists hit first – then NAT – so IP address referenced is the mapped address
  • In 8.6, we use the real address, as NAT happens first

Practice Labs:

• Task 13 – Dynamic NAT and PAT on 8.2
• Task 14 – Dynamic NAT and PAT on 8.6
• Task 15 – Static NAT and PAT on 8.2