Inbound Connection with Static and Nonat

Unanswered Question
May 13th, 2007
User Badges:

Hi,


Kindly Indicate for below scenario, Static necessary or not for Inbound Conncetion If I need to hide my Internal IP Address to Outisde Users.


I am not able to access my Inside Server.


nameif ethernet0 outside security0


nameif ethernet1 inside security100


ip address outside 192.168.1.3 255.255.255.0


ip address inside 3.x.x.2 255.255.0.0


access-list no_nat_inside permit ip any any


access-list outside_acl permit icmp any any


access-list outside_acl permit ip 192.168.1.0 255.255.255.0 host 192.168.1.102


access-list inside_acl permit icmp any any


access-list inside_acl permit ip 3.142.0.0 255.255.0.0 192.168.1.0 255.255.255.0


nat (inside) 0 access-list no_nat_inside


static (inside,outside) 192.168.1.102 3.142.125.10 netmask 255.255.255.255 0 0


access-group outside_acl in interface outside


access-group inside_acl in interface inside


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

If you have one WAN address you can use PAT.


nat (inside) 1 0 0

global (outside) 1 or


If you have a server that needs to be accessible from the Internet, then use a static nat translation.



static (inside,outside) 192.168.1.102 3.142.125.10 netmask 255.255.255.255


then permit access...


access-list outside_acl permit ip any host 192.168.1.102


jahangeer_abdul Sun, 05/13/2007 - 04:23
User Badges:

Hi,


In the first case, No nat is not reqd. Am I rt?


With out static Nat can I access the Inside server??

Jon Marshall Sun, 05/13/2007 - 02:45
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


If you want to hide the internal IP address of the server then ys you need a static translation.


Jon

Actions

This Discussion