IPsec, L2TP, Split tunneling, PPTP and all other VPN related posts.
3 posts • Page 1 of 1
This is the nat order of operation PIX/ASA.the NAT (nameif) 0 acl_name takes precedence.1. nat 0 access-list (nat-exempt) 2. Match existing xlates 3. Match static commands a. Static NAT with and without access-list b. Static PAT with and without access-list 4. Match nat commands a. nat [id] access-list (first match) b. nat [id] [address] [mask] (best match) i. If the ID is 0, create an identity xlate ii. Use global pool for dynamic NAT iii. Use global pool for dynamic PAT