Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
389
Views
0
Helpful
2
Replies

static nat and tcp limits

valsidalv
Level 1
Level 1

‎02-29-2008 01:00 AM - edited ‎03-11-2019 05:10 AM

Hello,

I'm using Cisco Pix 515E, 8.0(3).

I have two networks - inside and dmz. Inside has sec. level 100, dmz 50. To communicate hosts from inside to dmz I made

static (inside,dmz) 172.16.0.0 172.16.0.0 netmask 255.255.0.0 tcp 0 10.

I think that Pix during NAT vindicate NAT-ed IP address on destination interface, so I had on these segments two devices with the same IP address.

Is it true? What is the best solution; disable nat-control and then disable static record?

Many thanks,

Vladislav

Labels:
0 Helpful
2 Replies 2

abinjola
Cisco Employee
Cisco Employee

‎02-29-2008 07:45 AM

I am not sure what you mean by "I think that Pix during NAT vindicate NAT-ed IP address on destination interface, "

this is self static rule that you have in place...it will make sure the source is always preserved when you go from inside to dmz.

0 Helpful

valsidalv
Level 1
Level 1
In response to abinjola

‎03-01-2008 03:51 AM

Hello,

I mean, when embryonic connection threshold is reached, pix acts as proxy and respond with syn-ack.

So when I make static identity NAT, I'm not sure if I will have two same IP address. One - the physical server, two - from which pix respond(after treshold). Becasue I make NAT, where inside IP addresses present on dmz side.

Vladislav

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card