Ok, i found my instructor for Security, and I have to say, it is a relaxing feeling to watch someone just sit back and teach the material. Thank you, this is the type of training that I do and it works. You my friend are going to be sharing alot of late nights indirectly with security. Thank you for doing this in a way that is relatable. This lesson alone lets me know that I need to revisit the ASA. I got a job working in the SOC (first time working in security) and have been trying to change from ROUTE/SWITCH into a different realm and security wins the election. Finding an instructor that I relate to is hard and you, my friend, are it. Thank you so much.
Thank you, This was a really good session. You made NAT easy to understand, very concise and clear. I can’t thank you enough, I will definitely be looking at your courses on INE.
Excellent, clear and succinct Explanation of a much messed up topic on ASA. Two Quick questions @14:30. Wouldn't it consume more ASA resources if you place most general rules in the bottom of section-3, as for every LAN IP ASA will have to start looking for a rule from the top of section-1 until it finds a rule at the bottom of Section-3 ? Second, What is it called , and how could we NAT Multiple Inside Servers with single Public IP Address ?
This was a nice refresher. Thanks Rohit. So just one thing, if I do a source nat (inside,outside) src-object dst-object - is this bidirectional automatically assuming I have the access-rules set up on my outside interface to allow the DNAT?
Have been looking at a number of NAT articles - in vain - this is the first time I feel I understand how it really works. Thanks a lot. Could you please do a feature on NAT when having VPN access to the Inside network ? - Split tunneling under anyconnect vs. NAT - we need both (I think) ?
great explation n detail thanks for sharing knowledge : QN can i know in old asa code & new asa code how acls and nat behave as u alredy mentioned can u explain that
Could i please ask for your help? I followed the lab exactly and even set up telnet to test and still cant get it to work. I've been troubleshooting but might not be smart enough to get this to work. Any help would be appreciated
if you just have on public adress on the outside interface and you have many server in DMZ that needs to be reachable from outside ? you said that static pat is not bidirectional
I thought Route happens at the last... NAT, ACL and then routing is what I have been thinking so long. In this video I could see Rohit mentioning Route lookup happens first and then Destination NAT, ACL and Source NAT. Can someone confirm this?
With Manual NAT, isnt NAT Divert a consideration? For instance, at the end of the lesson Manual Rule 1 would cause all traffic that sources from Webserver2 (inside) to be immediately diverted to the Outside interface, even if it was trying to contact a device on another interface right? In this case shouldnt we put an identity NAT in there to avoid that situation? This is why you have to be careful with Manual NAT because you can inadvertently divert traffic because the NAT rules override the global routing table.
I want to understand why not put general rules like IP LAN subnet to internet or some other general statements in section 2 and let section 3 be strictly for conditions since its a conditional section?????
INE, I hope you are listening. Please have Rohit do the Advanced technologies class for the new CCIE security exam. Please no more European instructors with bad accent.
Ok, i found my instructor for Security, and I have to say, it is a relaxing feeling to watch someone just sit back and teach the material. Thank you, this is the type of training that I do and it works. You my friend are going to be sharing alot of late nights indirectly with security. Thank you for doing this in a way that is relatable. This lesson alone lets me know that I need to revisit the ASA. I got a job working in the SOC (first time working in security) and have been trying to change from ROUTE/SWITCH into a different realm and security wins the election. Finding an instructor that I relate to is hard and you, my friend, are it. Thank you so much.
Rohit !!! You are my path to the CCIE Security Destiny... Thank You .. Excellent Work!
Thank you, This was a really good session. You made NAT easy to understand, very concise and clear. I can’t thank you enough, I will definitely be looking at your courses on INE.
Thank you very much Rohit , again very excellent way of teaching NAT on ASA.
Excellent, clear and succinct Explanation of a much messed up topic on ASA.
Two Quick questions
@14:30. Wouldn't it consume more ASA resources if you place most general rules in the bottom of section-3, as for every LAN IP ASA will have to start looking for a rule from the top of section-1 until it finds a rule at the bottom of Section-3 ?
Second, What is it called , and how could we NAT Multiple Inside Servers with single Public IP Address ?
Thankyou for sharing great information & detail explanation @INEtraining
Thanks Mr RP and thanks INE
Best video to understand NAT
Excellent ...Loved it ...way you teach is Exemplary
gr8 explanation u have made NAT easy to me.............. Thanks for session ..
Excellent explanation.. Thank you.. You have cleared many of my questions today..
Thank you so much , Rochit , awsome awesome explanation !!!
Great video, you definitely clarified some things for me. Thanks!
Superb
Rohit you're great at Explaining technologies. Thanks for your videos!!! Can you please do a video about FHRP that would be really helpful?
This was a nice refresher. Thanks Rohit. So just one thing, if I do a source nat (inside,outside) src-object dst-object - is this bidirectional automatically assuming I have the access-rules set up on my outside interface to allow the DNAT?
static nat is bidirectional
brilliant.........
Amazing video!!!
execellent tutor !! great demo and explanation
Great Explaination
Thank you. An excellent explanation.
Clear as water! Thanks Sir
Have been looking at a number of NAT articles - in vain - this is the first time I feel I understand how it really works. Thanks a lot. Could you please do a feature on NAT when having VPN access to the Inside network ? - Split tunneling under anyconnect vs. NAT - we need both (I think) ?
I like this idea
Thank you very much 🙏🙏🙏
This is really create explanation, Thanks a lot!
Fantastic, thank you for sharing.
King 👑
Excellent, thank you.
great explation n detail thanks for sharing knowledge : QN can i know in old asa code & new asa code how acls and nat behave as u alredy mentioned can u explain that
Could i please ask for your help? I followed the lab exactly and even set up telnet to test and still cant get it to work. I've been troubleshooting but might not be smart enough to get this to work. Any help would be appreciated
if you just have on public adress on the outside interface and you have many server in DMZ that needs to be reachable from outside ? you said that static pat is not bidirectional
Thanks
I thought Route happens at the last... NAT, ACL and then routing is what I have been thinking so long. In this video I could see Rohit mentioning Route lookup happens first and then Destination NAT, ACL and Source NAT. Can someone confirm this?
Depends if flow is in to out or out to in.
With Manual NAT, isnt NAT Divert a consideration? For instance, at the end of the lesson Manual Rule 1 would cause all traffic that sources from Webserver2 (inside) to be immediately diverted to the Outside interface, even if it was trying to contact a device on another interface right? In this case shouldnt we put an identity NAT in there to avoid that situation? This is why you have to be careful with Manual NAT because you can inadvertently divert traffic because the NAT rules override the global routing table.
How I can contact you
I want to understand why not put general rules like IP LAN subnet to internet or some other general statements in section 2 and let section 3 be strictly for conditions since its a conditional section?????
Thousands like
& exactly where it happens
INE, I hope you are listening. Please have Rohit do the Advanced technologies class for the new CCIE security exam. Please no more European instructors with bad accent.
How do I give more than 1 like to this video?
Great video, you definitely made things for easy me. Thanks!