Inbound Connection with Static and Nonat

Unanswered Question
May 13th, 2007
User Badges:


Kindly Indicate for below scenario, Static necessary or not for Inbound Conncetion If I need to hide my Internal IP Address to Outisde Users.

I am not able to access my Inside Server.

nameif ethernet0 outside security0

nameif ethernet1 inside security100

ip address outside

ip address inside 3.x.x.2

access-list no_nat_inside permit ip any any

access-list outside_acl permit icmp any any

access-list outside_acl permit ip host

access-list inside_acl permit icmp any any

access-list inside_acl permit ip

nat (inside) 0 access-list no_nat_inside

static (inside,outside) netmask 0 0

access-group outside_acl in interface outside

access-group inside_acl in interface inside

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

If you have one WAN address you can use PAT.

nat (inside) 1 0 0

global (outside) 1 or

If you have a server that needs to be accessible from the Internet, then use a static nat translation.

static (inside,outside) netmask

then permit access...

access-list outside_acl permit ip any host

jahangeer_abdul Sun, 05/13/2007 - 04:23
User Badges:


In the first case, No nat is not reqd. Am I rt?

With out static Nat can I access the Inside server??

Jon Marshall Sun, 05/13/2007 - 02:45
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


If you want to hide the internal IP address of the server then ys you need a static translation.



This Discussion