Tag Archives: new

What’s New and What’s Coming from CBT Nuggets

CBT Nuggets

We are always creating new content for you here at CBT Nuggets. Here is your October News Flash with the details! In an act of shameless self-promotion, I listed my courses in BOLD. What would you like to see from CBT Nuggets? Let me know in the comments area below this post.


  • Ansible Essentials
  • AWS Certified SysOps Administrator – Associate
  • CompTIA Security+ (SY0-501)
  • Installation, Storage, and Compute with Windows Server 2016 (Exam 70-740)
  • IT Expertise: Building and Configuring a Business Switch Network
  • Microsoft Teams
  • Salesforce Admin – Classic Interface
  • Soft Skills for ScrumMasters
  • VMware vSphere 6.5 (VCP6.5-DCV)
  • Windows 10 End User Essentials


  • End User Security Awareness
  • Designing and Operating Defensible Network Architectures
  • Agile Essentials
  • IT Expertise: Building and Configuring a Business Wireless Network
  • CompTIA Cloud Essentials (CLO-001)
  • Microsoft MCSA SQL Server 2016 70-761
  • Everything Linux
  • Microsoft Azure 70-533 with ARM Updates

“New” NAT on the ASA – Object NAT/PAT with Manual Config

There are so many variations that are possible with NAT now – and I am just talking in the “new rules”. In this post, lets just review one. We will do dynamic NAT with a PAT backup using network objects. We will provide the NAT instructions manually instead of inside an object.

Our topology is as follows:


Our objective here is as follows:

  • Configure NAT so that hosts on the inside network attempting to reach the outside network are translated using the pool to 103. We need to use the interface IP address as a PAT backup. The NAT configuration must be manual.

My first step is to create my network objects:

object network 192INSIDE
object network POOL1

Verification of this step is show run object.

Now I am ready for the manual NAT:

nat (inside,outside) source dynamic 192INSIDE POOL1 interface

The above command is made VERY easy thanks to context-sensitive help.

For verification – we do not even need to leave the ASA thanks to Packet Tracer!

packet-tracer input inside tcp 1027 23
Phase: 4      
Type: NAT
Result: ALLOW
nat (inside,outside) source dynamic 192INSIDE POOL1 interface
Additional Information:
Dynamic translate to
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow

Of course, we can always create traffic through the ASA and view the translation. Here I telnet through from R3 on the inside to R4 on the outside. We confirm out configuration and that traffic is matching it:

ASA1# show nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source dynamic 192INSIDE POOL1 interface  
    translate_hits = 6, untranslate_hits = 6

Of course I will be back with plenty of other “new” NAT sample configurations and verifications for you.