Inbound Connection with Static and Nonat

jahangeer_abdul · ‎05-13-2007

Hi,

Kindly Indicate for below scenario, Static necessary or not for Inbound Conncetion If I need to hide my Internal IP Address to Outisde Users.

I am not able to access my Inside Server.

nameif ethernet0 outside security0

nameif ethernet1 inside security100

ip address outside 192.168.1.3 255.255.255.0

ip address inside 3.x.x.2 255.255.0.0

access-list no_nat_inside permit ip any any

access-list outside_acl permit icmp any any

access-list outside_acl permit ip 192.168.1.0 255.255.255.0 host 192.168.1.102

access-list inside_acl permit icmp any any

access-list inside_acl permit ip 3.142.0.0 255.255.0.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list no_nat_inside

static (inside,outside) 192.168.1.102 3.142.125.10 netmask 255.255.255.255 0 0

access-group outside_acl in interface outside

access-group inside_acl in interface inside

joshua.walton · ‎05-13-2007

If you have one WAN address you can use PAT.

nat (inside) 1 0 0

global (outside) 1 or

If you have a server that needs to be accessible from the Internet, then use a static nat translation.

static (inside,outside) 192.168.1.102 3.142.125.10 netmask 255.255.255.255

then permit access...

access-list outside_acl permit ip any host 192.168.1.102

jahangeer_abdul · ‎05-13-2007

Hi,

In the first case, No nat is not reqd. Am I rt?

With out static Nat can I access the Inside server??

Jon Marshall · ‎05-13-2007

Hi

If you want to hide the internal IP address of the server then ys you need a static translation.

Jon