Comparing Auto NAT and Manual NAT
The main differences between these two NAT types are:
- How you define the real address.
    - Auto NAT—The NAT rule becomes a parameter for a network object. The network object IP address serves as the original (real) address.
    - Manual NAT—You identify a network object or network object group for both the real and mapped addresses. In this case, NAT is not a parameter of the network object; the network object or group is a parameter of the NAT configuration. The ability to use a network object group for the real address means that manual NAT is more scalable.
- How source and destination NAT is implemented.
    - Auto NAT—Each rule can apply to either the source or destination of a packet. So two rules might be used, one for the source IP address, and one for the destination IP address. These two rules cannot be tied together to enforce a specific translation for a source/destination combination.
    - Manual NAT—A single rule translates both the source and destination. A packet matches one rule only, and further rules are not checked. Even if you do not configure the optional destination address, a matching packet still matches one manual NAT rule only. The source and destination are tied together, so you can enforce different translations depending on the source/destination combination. For example, sourceA/destinationA can have a different translation than sourceA/destinationB.
- Order of NAT Rules.
    - Auto NAT—Automatically ordered in the NAT table.
    - Manual NAT—Manually ordered in the NAT table (before or after auto NAT rules).
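
The following added example is a simplified Python model of the matching behavior described above, not vendor code or device configuration. It shows how a first-match manual NAT table can translate sourceA differently per destination while independent auto NAT lookups cannot. All addresses, rule tables and function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addresses from documentation ranges; all names are hypothetical.
SRC_A = "10.1.2.27"
DST_A, DST_B = "198.51.100.10", "203.0.113.10"

# Manual NAT model: each rule ties a source match to an optional destination match.
# Fields: (real_src_net, mapped_src, real_dst_net or None, mapped_dst or None)
MANUAL_RULES = [
    ("10.1.2.0/24", "192.0.2.1", "198.51.100.0/24", None),
    ("10.1.2.0/24", "192.0.2.2", "203.0.113.0/24", None),
    ("10.1.2.0/24", "192.0.2.3", None, None),  # catch-all, no destination configured
]

# Auto NAT model (simplified): one rule per network object, matching a single address.
AUTO_RULES = [("10.1.2.0/24", "192.0.2.9")]


def manual_nat(src, dst, rules=MANUAL_RULES):
    """Walk the table in its configured order; the first matching rule wins."""
    for real_src, mapped_src, real_dst, mapped_dst in rules:
        if ip_address(src) not in ip_network(real_src):
            continue
        if real_dst is not None and ip_address(dst) not in ip_network(real_dst):
            continue
        return mapped_src, (mapped_dst or dst)  # later rules are never checked
    return src, dst


def auto_nat(src, dst, rules=AUTO_RULES):
    """Translate source and destination independently; rules cannot see the pair."""
    def lookup(addr):
        for real_net, mapped in rules:
            if ip_address(addr) in ip_network(real_net):
                return mapped
        return addr
    return lookup(src), lookup(dst)
```

Reversing `MANUAL_RULES` puts the catch-all first, so every flow from sourceA receives the same mapped address, which is why the manually chosen order of these rules matters.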