Identity NAT

There are situations in which you need to configure Identity NAT. This type of NAT explicitly translates networks to themselves. It is often placed before a PAT rule: for example, if you want to send some traffic into a VPN tunnel, you don't want it translated by your PAT rule.

Let's take an example from a Cisco ASA configuration. The following picture shows the traffic before the Identity NAT was configured: the PAT rule is applied and the traffic is not put into any VPN tunnel.

PAT rule

Let's now configure Identity NAT before the PAT rule. Site1 is the 10.10.1.0/24 network and Site3 is the 10.10.3.0/24 network. They are translated to themselves (source and destination IP remain Original).

Identity NAT

If you run the test again, the Identity NAT takes precedence over the PAT rule and the traffic is put into the VPN tunnel (the last position in the list in the picture below).

Identity NAT – verification
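
The CLI equivalent of the steps above, as an added example that is not from the original post. It assumes ASA 8.3 or later NAT syntax, interfaces named `inside` and `outside`, an existing dynamic PAT rule of the form shown, and constructed test hosts 10.10.1.10 and 10.10.3.10; only the Site1 and Site3 networks come from the page.

```cisco
! Added example: interface names, the PAT rule form and the test hosts are assumptions.
! Network objects for the two sites named on the page
object network Site1
 subnet 10.10.1.0 255.255.255.0
object network Site3
 subnet 10.10.3.0 255.255.255.0
!
! Existing PAT rule (assumed form): hide all inside sources behind the outside interface
nat (inside,outside) source dynamic any interface
!
! Identity NAT inserted at line 1 so it is evaluated before the PAT rule.
! Source and destination are mapped to themselves, so Site1-to-Site3 packets
! keep their original addresses on the way to the VPN tunnel.
nat (inside,outside) 1 source static Site1 Site1 destination static Site3 Site3 no-proxy-arp route-lookup
!
! Verification (exec mode):
! list the rules in evaluation order; the identity rule must appear above the PAT rule
show nat
! simulate an ICMP echo from a Site1 host to a Site3 host; the NAT phase should
! match the identity rule and a VPN phase should appear in the result
packet-tracer input inside icmp 10.10.1.10 8 0 10.10.3.10
```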
