CCIE Security v4 Lab Training – Day 3

Videos: Class Video 3 – NAT on the ASA – record date 3/9/2015


  • This might be a small point section, but it is critical since it impacts core reachability
  • The issue with NAT is that we are responsible for 8.2 and 8.6 code versions! “Old” NAT and “New” NAT
  • Dynamic NAT/PAT 8.2
    • nat and global commands
    • show xlate
    • packet-tracer
    • nat-control
  • Dynamic NAT/PAT 8.6
    • There is no nat-control any longer
    • Remember – if there is a matching nat rule – there must be an address available for translation
    • No static or global commands, just nat command
    • Manual or object NAT
    • Manual – nat (inside,outside) source dynamic any interface…
    • show nat – notice sequence numbering
  • Static 8.2
    • static (inside, outside)
    • Remember, the above command is bidirectional
    • In 8.2, static always take precedence over dynamic
    • In 8.2, access lists hit first – then NAT – so IP address referenced is the mapped address
    • In 8.6, we use the real address, as NAT happens first

Practice Labs:

  • Task 13 – Dynamic NAT and PAT on 8.2
  • Task 14 – Dynamic NAT and PAT on 8.6
  • Task 15 – Static NAT and PAT on 8.2


4 thoughts on “CCIE Security v4 Lab Training – Day 3

  1. Dear Anthony.. You mention in every related ccie sec lab about ACIT videos. Which training provider they are.. Is there material good to prepare for ccie security. I am also preparing for CCIE Security and currently following micronicstraining labs.


    1. The videos are the recordings of the live online class I attended via WebEx. They are EXCELLENT. Visit for more information.

Leave a Reply

Your email address will not be published. Required fields are marked *