« Return to Thread: NAT order help
Re: NAT order help
by Avishai Wool-2
::
Rate this Message:
sivakumar
first, AFAIK they are not in conflict since the translate-from
address is different (10.0.0.0 != 1.1.1.2), so the order is irrelevant (?)
second, I think they are processed in order
google for "cisco pix command reference" and follow the
links to your pix version - I looked at
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s8_72.html#wp1202525
for ASA 7.2
HTH,
Avishai
On 11/6/07, sivakumar <siva_itech@...> wrote:
>
> Hi,
>
> access-list rule1 permit tcp 10.0.0.0 255.0.0.0 host 1.1.1.1
>
> static(inside,ouside) 1.1.1.2 access-list rule1 0 0
> static (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 0 0
>
> Please tell me which statement will take precedence - policy NAT ot Static
> NAT..
>
> --
> View this message in context: http://www.nabble.com/NAT-order-help-tf4737610.html#a13548213
> Sent from the Firewall Wizards mailing list archive at Nabble.com.
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@...
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
--
Avishai Wool, Ph.D., Co-founder and Chief Technical Officer
http://www.algosec.com
******* Firewall Management Made Smarter ******
_______________________________________________
firewall-wizards mailing list
firewall-wizards@...
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
first, AFAIK they are not in conflict since the translate-from
address is different (10.0.0.0 != 1.1.1.2), so the order is irrelevant (?)
second, I think they are processed in order
google for "cisco pix command reference" and follow the
links to your pix version - I looked at
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s8_72.html#wp1202525
for ASA 7.2
HTH,
Avishai
On 11/6/07, sivakumar <siva_itech@...> wrote:
>
> Hi,
>
> access-list rule1 permit tcp 10.0.0.0 255.0.0.0 host 1.1.1.1
>
> static(inside,ouside) 1.1.1.2 access-list rule1 0 0
> static (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 0 0
>
> Please tell me which statement will take precedence - policy NAT ot Static
> NAT..
>
> --
> View this message in context: http://www.nabble.com/NAT-order-help-tf4737610.html#a13548213
> Sent from the Firewall Wizards mailing list archive at Nabble.com.
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@...
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
--
Avishai Wool, Ph.D., Co-founder and Chief Technical Officer
http://www.algosec.com
******* Firewall Management Made Smarter ******
_______________________________________________
firewall-wizards mailing list
firewall-wizards@...
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
« Return to Thread: NAT order help
| Free embeddable forum powered by Nabble | Forum Help |
