Ok, i found my instructor for Security, and I have to say, it is a relaxing feeling to watch someone just sit back and teach the material. Thank you, this is the type of training that I do and it works. You my friend are going to be sharing alot of late nights indirectly with security. Thank you for doing this in a way that is relatable. This lesson alone lets me know that I need to revisit the ASA. I got a job working in the SOC (first time working in security) and have been trying to change from ROUTE/SWITCH into a different realm and security wins the election. Finding an instructor that I relate to is hard and you, my friend, are it. Thank you so much.
Thank you, This was a really good session. You made NAT easy to understand, very concise and clear. I can’t thank you enough, I will definitely be looking at your courses on INE.
Excellent, clear and succinct Explanation of a much messed up topic on ASA. Two Quick questions @14:30. Wouldn't it consume more ASA resources if you place most general rules in the bottom of section-3, as for every LAN IP ASA will have to start looking for a rule from the top of section-1 until it finds a rule at the bottom of Section-3 ? Second, What is it called , and how could we NAT Multiple Inside Servers with single Public IP Address ?
This was a nice refresher. Thanks Rohit. So just one thing, if I do a source nat (inside,outside) src-object dst-object - is this bidirectional automatically assuming I have the access-rules set up on my outside interface to allow the DNAT?
Have been looking at a number of NAT articles - in vain - this is the first time I feel I understand how it really works. Thanks a lot. Could you please do a feature on NAT when having VPN access to the Inside network ? - Split tunneling under anyconnect vs. NAT - we need both (I think) ?
if you just have on public adress on the outside interface and you have many server in DMZ that needs to be reachable from outside ? you said that static pat is not bidirectional
With Manual NAT, isnt NAT Divert a consideration? For instance, at the end of the lesson Manual Rule 1 would cause all traffic that sources from Webserver2 (inside) to be immediately diverted to the Outside interface, even if it was trying to contact a device on another interface right? In this case shouldnt we put an identity NAT in there to avoid that situation? This is why you have to be careful with Manual NAT because you can inadvertently divert traffic because the NAT rules override the global routing table.
great explation n detail thanks for sharing knowledge : QN can i know in old asa code & new asa code how acls and nat behave as u alredy mentioned can u explain that
Could i please ask for your help? I followed the lab exactly and even set up telnet to test and still cant get it to work. I've been troubleshooting but might not be smart enough to get this to work. Any help would be appreciated
I thought Route happens at the last... NAT, ACL and then routing is what I have been thinking so long. In this video I could see Rohit mentioning Route lookup happens first and then Destination NAT, ACL and Source NAT. Can someone confirm this?
I want to understand why not put general rules like IP LAN subnet to internet or some other general statements in section 2 and let section 3 be strictly for conditions since its a conditional section?????
INE, I hope you are listening. Please have Rohit do the Advanced technologies class for the new CCIE security exam. Please no more European instructors with bad accent.
Ok, i found my instructor for Security, and I have to say, it is a relaxing feeling to watch someone just sit back and teach the material. Thank you, this is the type of training that I do and it works. You my friend are going to be sharing alot of late nights indirectly with security. Thank you for doing this in a way that is relatable. This lesson alone lets me know that I need to revisit the ASA. I got a job working in the SOC (first time working in security) and have been trying to change from ROUTE/SWITCH into a different realm and security wins the election. Finding an instructor that I relate to is hard and you, my friend, are it. Thank you so much.
Rohit !!! You are my path to the CCIE Security Destiny... Thank You .. Excellent Work!
Thank you, This was a really good session. You made NAT easy to understand, very concise and clear. I can’t thank you enough, I will definitely be looking at your courses on INE.
Thank you very much Rohit , again very excellent way of teaching NAT on ASA.
Excellent, clear and succinct Explanation of a much messed up topic on ASA.
Two Quick questions
@14:30. Wouldn't it consume more ASA resources if you place most general rules in the bottom of section-3, as for every LAN IP ASA will have to start looking for a rule from the top of section-1 until it finds a rule at the bottom of Section-3 ?
Second, What is it called , and how could we NAT Multiple Inside Servers with single Public IP Address ?
Excellent ...Loved it ...way you teach is Exemplary
Thankyou for sharing great information & detail explanation @INEtraining
Best video to understand NAT
gr8 explanation u have made NAT easy to me.............. Thanks for session ..
Thanks Mr RP and thanks INE
Superb
Excellent explanation.. Thank you.. You have cleared many of my questions today..
Thank you so much , Rochit , awsome awesome explanation !!!
Amazing video!!!
Great Explaination
brilliant.........
King 👑
Clear as water! Thanks Sir
Thank you. An excellent explanation.
Rohit you're great at Explaining technologies. Thanks for your videos!!! Can you please do a video about FHRP that would be really helpful?
execellent tutor !! great demo and explanation
This was a nice refresher. Thanks Rohit. So just one thing, if I do a source nat (inside,outside) src-object dst-object - is this bidirectional automatically assuming I have the access-rules set up on my outside interface to allow the DNAT?
static nat is bidirectional
Great video, you definitely clarified some things for me. Thanks!
Have been looking at a number of NAT articles - in vain - this is the first time I feel I understand how it really works. Thanks a lot. Could you please do a feature on NAT when having VPN access to the Inside network ? - Split tunneling under anyconnect vs. NAT - we need both (I think) ?
I like this idea
This is really create explanation, Thanks a lot!
Thank you very much 🙏🙏🙏
Fantastic, thank you for sharing.
Excellent, thank you.
if you just have on public adress on the outside interface and you have many server in DMZ that needs to be reachable from outside ? you said that static pat is not bidirectional
With Manual NAT, isnt NAT Divert a consideration? For instance, at the end of the lesson Manual Rule 1 would cause all traffic that sources from Webserver2 (inside) to be immediately diverted to the Outside interface, even if it was trying to contact a device on another interface right? In this case shouldnt we put an identity NAT in there to avoid that situation? This is why you have to be careful with Manual NAT because you can inadvertently divert traffic because the NAT rules override the global routing table.
Thanks
great explation n detail thanks for sharing knowledge : QN can i know in old asa code & new asa code how acls and nat behave as u alredy mentioned can u explain that
How I can contact you
Could i please ask for your help? I followed the lab exactly and even set up telnet to test and still cant get it to work. I've been troubleshooting but might not be smart enough to get this to work. Any help would be appreciated
I thought Route happens at the last... NAT, ACL and then routing is what I have been thinking so long. In this video I could see Rohit mentioning Route lookup happens first and then Destination NAT, ACL and Source NAT. Can someone confirm this?
Depends if flow is in to out or out to in.
I want to understand why not put general rules like IP LAN subnet to internet or some other general statements in section 2 and let section 3 be strictly for conditions since its a conditional section?????
Thousands like
& exactly where it happens
How do I give more than 1 like to this video?
INE, I hope you are listening. Please have Rohit do the Advanced technologies class for the new CCIE security exam. Please no more European instructors with bad accent.
Great video, you definitely made things for easy me. Thanks!