I guess here we are talking about 2 things: "address-persistent" and "persistent-nat".
The initial post from kronicklez1 is talking about "if i add command "set security nat source address-persistent" in the life traffic nat is it will impact the current traffic?"
Enabling address persistent is to make sure the same source gets the same NAT IP. Something like below. Enabling this feature is not going to tear down the existing sessions.
Scenario 1 – Source address NAT
Source address of each session from the same host is translated into a different address from the NAT pool.
lab@100A> show security flow session
Session ID: 1272, Policy name: trust_to_untrust/5, Timeout: 1728, Valid
In: 192.168.1.2/1116 --> 11.1.1.2/23;tcp, If: fe-0/0/4.0, Pkts: 32, Bytes: 1369
Out: 11.1.1.2/23 --> 12.1.1.242/29979;tcp, If: fe-0/0/3.0, Pkts: 27, Bytes: 1277
Session ID: 1273, Policy name: trust_to_untrust/5, Timeout: 1740, Valid
In: 192.168.1.2/1117 --> 11.1.1.2/21;tcp, If: fe-0/0/4.0, Pkts: 15, Bytes: 684
Out: 11.1.1.2/21 --> 12.1.1.241/11952;tcp, If: fe-0/0/3.0, Pkts: 17, Bytes: 957
Session ID: 1283, Policy name: trust_to_untrust/5, Timeout: 1776, Valid
In: 192.168.1.2/1125 --> 11.1.1.2/80;tcp, If: fe-0/0/4.0, Pkts: 4, Bytes: 1506
Out: 11.1.1.2/80 --> 12.1.1.237/5703;tcp, If: fe-0/0/3.0, Pkts: 4, Bytes: 544
Session ID: 1304, Policy name: trust_to_untrust/5, Timeout: 1798, Valid
In: 192.168.1.2/1128 --> 11.1.1.2/80;tcp, If: fe-0/0/4.0, Pkts: 5, Bytes: 2078
Out: 11.1.1.2/80 --> 12.1.1.236/16453;tcp, If: fe-0/0/3.0, Pkts: 4, Bytes: 180
As the sessions are torn down, the translated addresses are released back into the NAT pool (that is, NAT translation ends with session termination).
Scenario 2 – Source address NAT + address-persistent
Source address of each session from the same host is translated into the same address from the NAT pool.
lab@100A> show security flow session
Session ID: 1353, Policy name: trust_to_untrust/5, Timeout: 1696, Valid
In: 192.168.1.2/1139 --> 11.1.1.2/23;tcp, If: fe-0/0/4.0, Pkts: 28, Bytes: 1205
Out: 11.1.1.2/23 --> 12.1.1.2/13712;tcp, If: fe-0/0/3.0, Pkts: 24, Bytes: 1129
Session ID: 1354, Policy name: trust_to_untrust/5, Timeout: 1706, Valid
In: 192.168.1.2/1140 --> 11.1.1.2/21;tcp, If: fe-0/0/4.0, Pkts: 15, Bytes: 685
Out: 11.1.1.2/21 --> 12.1.1.2/10332;tcp, If: fe-0/0/3.0, Pkts: 17, Bytes: 957
Session ID: 1363, Policy name: trust_to_untrust/5, Timeout: 1790, Valid
In: 192.168.1.2/1148 --> 11.1.1.2/80;tcp, If: fe-0/0/4.0, Pkts: 6, Bytes: 2931
Out: 11.1.1.2/80 --> 12.1.1.2/12082;tcp, If: fe-0/0/3.0, Pkts: 7, Bytes: 1714
Session ID: 1385, Policy name: trust_to_untrust/5, Timeout: 1790, Valid
In: 192.168.1.2/1151 --> 11.1.1.2/80;tcp, If: fe-0/0/4.0, Pkts: 8, Bytes: 2198
Out: 11.1.1.2/80 --> 12.1.1.2/9573;tcp, If: fe-0/0/3.0, Pkts: 9, Bytes: 6955
Session ID: 1386, Policy name: trust_to_untrust/5, Timeout: 1796, Valid
In: 192.168.1.2/1152 --> 11.1.1.2/23;tcp, If: fe-0/0/4.0, Pkts: 28, Bytes: 1205
Out: 11.1.1.2/23 --> 12.1.1.2/11790;tcp, If: fe-0/0/3.0, Pkts: 24, Bytes: 1129
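The check the two scenarios above illustrate can be automated. This is an added example, not part of the original post: it parses `show security flow session` text in the format quoted above and reports which source hosts are translated to more than one pool address. The function names are hypothetical, and the sample text is a short excerpt of the sessions shown in the post.

```python
import re
from collections import defaultdict

# Matches the "In:" / "Out:" wing lines of `show security flow session`.
WING = re.compile(r"^\s*(In|Out):\s+(\S+?)/\d+\s+-->\s+(\S+?)/\d+;")

def nat_addresses_by_host(text):
    """Map each pre-NAT source IP to the set of translated IPs seen for it."""
    mapping = defaultdict(set)
    src = None
    for line in text.splitlines():
        if line.lstrip().startswith("Session ID:"):
            src = None                    # new session: forget any unmatched In wing
            continue
        m = WING.match(line)
        if not m:
            continue
        wing, left, right = m.groups()
        if wing == "In":
            src = left                    # original (pre-NAT) source address
        elif src is not None:
            mapping[src].add(right)       # reverse-wing destination = translated source
            src = None
    return dict(mapping)

def hosts_with_multiple_nat_ips(text):
    """Hosts whose sessions use more than one NAT address (no persistence observed)."""
    return sorted(h for h, ips in nat_addresses_by_host(text).items() if len(ips) > 1)

# Excerpts of the two scenarios from the post (two sessions each).
WITHOUT_PERSISTENT = """\
Session ID: 1272, Policy name: trust_to_untrust/5, Timeout: 1728, Valid
In: 192.168.1.2/1116 --> 11.1.1.2/23;tcp, If: fe-0/0/4.0, Pkts: 32, Bytes: 1369
Out: 11.1.1.2/23 --> 12.1.1.242/29979;tcp, If: fe-0/0/3.0, Pkts: 27, Bytes: 1277
Session ID: 1273, Policy name: trust_to_untrust/5, Timeout: 1740, Valid
In: 192.168.1.2/1117 --> 11.1.1.2/21;tcp, If: fe-0/0/4.0, Pkts: 15, Bytes: 684
Out: 11.1.1.2/21 --> 12.1.1.241/11952;tcp, If: fe-0/0/3.0, Pkts: 17, Bytes: 957
"""
WITH_PERSISTENT = """\
Session ID: 1353, Policy name: trust_to_untrust/5, Timeout: 1696, Valid
In: 192.168.1.2/1139 --> 11.1.1.2/23;tcp, If: fe-0/0/4.0, Pkts: 28, Bytes: 1205
Out: 11.1.1.2/23 --> 12.1.1.2/13712;tcp, If: fe-0/0/3.0, Pkts: 24, Bytes: 1129
Session ID: 1354, Policy name: trust_to_untrust/5, Timeout: 1706, Valid
In: 192.168.1.2/1140 --> 11.1.1.2/21;tcp, If: fe-0/0/4.0, Pkts: 15, Bytes: 685
Out: 11.1.1.2/21 --> 12.1.1.2/10332;tcp, If: fe-0/0/3.0, Pkts: 17, Bytes: 957
"""

if __name__ == "__main__":
    print("without:", hosts_with_multiple_nat_ips(WITHOUT_PERSISTENT))
    print("with:   ", nat_addresses_by_host(WITH_PERSISTENT))
```

Because enabling the feature does not tear down existing sessions, run the check against sessions created after the commit when verifying the change.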