NATing the Broadcast IP

Unanswered Question
May 12th, 2007

Hi There,


If I did the following configuration:


static (inside,dmz) 10.1.1.255 10.1.1.255 net 255.255.255.255


Where 10.1.1.0/24 is my inside network and I configured an access-list allowing all the traffic from the DMZ to the inside network. Will the ASA pass traffic destined to the broadcast IP?


Regards,

Haitham

Overall Rating: 5 (1 ratings)

Starting with PIX 5.2, the firewall no longer uses network addresses or broadcast addresses in static and global command statements when creating NAT xlate translations. Broadcast addresses are those addresses with the bit pattern of all ones, when the network mask is applied. Network addresses are those addresses with the bit pattern of all zeros, when the network mask is applied.


For example:


global 1 10.1.0.0-10.1.255.255 netmask 255.255.255.0


With this command, the network addresses 10.1.0.0, 10.1.1.0, 10.1.2.0, and so forth through 10.1.255.0, are excluded. In addition, the broadcast addresses 10.1.0.255, 10.1.1.255, 10.1.2.255, and so forth through 10.1.255.255, are excluded.



Please rate if you are satisfied.


Cheers!
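
The exclusion rule described in the answer above, worked through as an added example (not part of the original posts and not Cisco code). The function names classify and excluded_in_range are hypothetical, and raising an error for a mask with no host bits is this example's own choice, not documented PIX/ASA behaviour.

```python
# Added illustration of the all-zeros / all-ones host-bit rule quoted above.
import ipaddress


def _host_mask(netmask: str) -> int:
    """Return the host-bit mask for a contiguous IPv4 netmask."""
    host = ~int(ipaddress.IPv4Address(netmask)) & 0xFFFFFFFF
    if host & (host + 1):  # host bits must form one run of low-order ones
        raise ValueError("non-contiguous netmask: " + netmask)
    if host == 0:
        # Assumption: the quoted rule says nothing about a mask with no host bits.
        raise ValueError("netmask has no host bits; rule not defined here")
    return host


def classify(addr: str, netmask: str) -> str:
    """Return 'network', 'broadcast' or 'usable' for addr under netmask."""
    host = _host_mask(netmask)
    bits = int(ipaddress.IPv4Address(addr)) & host
    if bits == 0:
        return "network"      # host bits all zeros
    if bits == host:
        return "broadcast"    # host bits all ones
    return "usable"


def excluded_in_range(first: str, last: str, netmask: str) -> list:
    """List (address, kind) pairs inside [first, last] that the rule excludes."""
    host = _host_mask(netmask)
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    out = []
    base = lo & ~host  # network address of the subnet containing 'first'
    while base <= hi:  # walk subnet by subnet instead of address by address
        for value, kind in ((base, "network"), (base + host, "broadcast")):
            if lo <= value <= hi:
                out.append((str(ipaddress.IPv4Address(value)), kind))
        base += host + 1
    return out


if __name__ == "__main__":
    # The global pool from the answer: 256 network + 256 broadcast addresses.
    pool = excluded_in_range("10.1.0.0", "10.1.255.255", "255.255.255.0")
    print(len(pool), pool[:4], pool[-1])
    # The address from the question, judged against the inside /24 mask.
    print(classify("10.1.1.255", "255.255.255.0"))
```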
