To clarify,

Traffic initiated from the inside (10 net) will map to itself
(identity NAT), unless it is TCP traffic destined for 1.1.1.1, in which
case it will map to 1.1.1.2.

Traffic initiated from the outside to the inside will not matter since
this is where there is no overlapping as in the above scenario. Here
traffic destined for 10.x will be translated to itself. The policy
NAT in this scenario does not allow traffic initiated from a lower
security interface to a higher security interface, as that can only be
done via NAT exemption, identity NAT, or static NAT/PAT. I think this
is where the confusion was. Only local traffic can be translated with
Policy NAT (thanks for catching my typo above), not global.

Hope this clarifies things.

Kevin

> > > On 11/6/07, sivakumar wrote:
> > > >
> > > > Hi,
> > > >
> > > > access-list rule1 permit tcp 10.0.0.0 255.0.0.0 host 1.1.1.1
> > > >
> > > > static (inside,outside) 1.1.1.2 access-list rule1 0 0
> > > > static (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 0 0
> > > >
> > > > Please tell me which statement will take precedence - policy NAT or Static
> > > > NAT.
> > > >
> > > > --
> > > > View this message in context: http://www.nabble.com/NAT-order-help...html#a13548213
> > > > Sent from the Firewall Wizards mailing list archive at Nabble.com.
> > > >
> > > > _______________________________________________
> > > > firewall-wizards mailing list
> > > > firewall-wizards@listserv.icsalabs.com
> > > > https://listserv.icsalabs.com/mailma...rewall-wizards
> > > >
> > >
> > >
> > > --
> > > Avishai Wool, Ph.D., Co-founder and Chief Technical Officer
> > > http://www.algosec.com
> > > ******* Firewall Management Made Smarter ******

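
Added example, not part of the original thread or of any Cisco code: a small Python model of the two static statements from the question, showing the result described in the reply for inside-initiated traffic. The model assumes static rules are checked in configuration order and the first match wins; the class, rule and function names are hypothetical, and the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class StaticRule:
    name: str
    real_net: ipaddress.IPv4Network                # real (inside) source addresses
    mapped: Optional[ipaddress.IPv4Address]        # None = identity, source maps to itself
    proto: Optional[str] = None                    # policy NAT only: protocol from the ACL
    dest: Optional[ipaddress.IPv4Network] = None   # policy NAT only: destination from the ACL

    def matches(self, proto, src, dst):
        if src not in self.real_net:
            return False
        if self.proto is not None and proto != self.proto:
            return False
        return self.dest is None or dst in self.dest

# The two statements from the question, modelled as rules.
POLICY = StaticRule("policy static (rule1)", ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_address("1.1.1.2"), "tcp",
                    ipaddress.ip_network("1.1.1.1/32"))
IDENTITY = StaticRule("identity static", ipaddress.ip_network("10.0.0.0/8"), None)

def translate(rules, proto, src, dst):
    """Return (matching rule name, translated source) for an inside-initiated packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:  # assumption of this model: first match in config order wins
        if rule.matches(proto, src, dst):
            mapped = rule.mapped if rule.mapped is not None else src
            return rule.name, str(mapped)
    return None, str(src)  # no static rule applies; source left unchanged

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source, destination).
    samples = [("tcp", "10.1.2.3", "1.1.1.1"),
               ("udp", "10.1.2.3", "1.1.1.1"),
               ("tcp", "10.1.2.3", "8.8.8.8")]
    # Posted order first, then the reverse order for comparison.
    for order in ([POLICY, IDENTITY], [IDENTITY, POLICY]):
        print("order:", [r.name for r in order])
        for pkt in samples:
            print("  ", pkt, "->", translate(order, *pkt))
```

Under the same first-match assumption, listing the identity static ahead of the policy static would shadow the policy rule, since the identity rule matches every 10.x source.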