From: Tim (ccie2be@nyc.rr.com)
Date: Wed Jun 25 2008 - 10:32:39 ART
Hey Naji,
Did you know there's another post that says the exact opposite!!!
How sure are you?
I figure the nat statements are processed more like a route table - longest
match wins.
But a post yesterday says it's really like how an ACL is processed.
I don't know who is correct but I know you can't both be correct.
-----Original Message-----
From: Naji Talj [mailto:ntalj@dcgroup.com]
Sent: Wednesday, June 25, 2008 8:13 AM
To: Tim
Subject: RE: PIX/ASA NAT
Hi Tim,
The sequence doesn't matter; the most matching entry executes.
Rgds,
Naji Talj
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tim
Sent: Tuesday, June 24, 2008 8:28 PM
To: security@groupstudy.com
Subject: PIX/ASA NAT
Hi Guys,
Does it matter in which order I enter nat commands?
For example,
nat (inside) 1 192.10.1.0 255.255.255.0
nat (inside) 2 0 0
(Assume I have the correct globals.)
versus
nat (inside) 1 0 0
nat (inside) 2 192.10.1.0 255.255.255.0
Given these config snippets, will the same thing happen for a packet with a
source address of 192.10.1.x with either config?
If so, is the reason because nat commands are evaluated like a route table,
i.e. most specific match takes precedence?
Thanks, Tim
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART