Static Policy

Unanswered Question
Apr 9th, 2008
User Badges:


I need to NAT an internal server and allow only certain ports open. After creating access-lists for these ports, should I still enable PAT (for the said ports) in the NAT configuration?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
husycisco Thu, 04/10/2008 - 03:41
User Badges:
  • Gold, 750 points or more

Hi Patricia,

If you applied a one-to-one NAT like following

static (inside,outside) publicip localip netmask

Then you dont need to specify these ports individually.

But if you applied PAT, you should forward these ports as following

static (inside,outside) tcp interface portno localip portno netmask



This Discussion