Static command on PIX

Unanswered Question
Sep 2nd, 2009
User Badges:

Hi Guys,

I am confused about the use of the static command on the PIX. Let says you have the following command on the pix:

static (inside,Smtp_DMZ) netmask

What does it mean

Does it mean anything from inside get translated to when going to DMZ or otherway around.

Please help me to understand the static command.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Jon Marshall Wed, 09/02/2009 - 21:34
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


A static NAT is bi-directional so it actually means 2 things -

1) the device on the inside with an IP address of will be translated to if it sends packets to a device on the Smtp_DMZ

2) if a device on the Smtp_DMZ sends packets to then the destination IP address will be translated to and sent to the inside device

The static statement is a little confusing to be honest. The logical assumption would be that the IP addresses in the static statement are written in the same order as the interfaces ie.

static (inside,outside) "inside IP address" "outside IP adddress"

but in fact the IP addresses are written in reverse order ie.

static (inside,outside) "outside IP address" "inside IP address"

it's just one of those things you have to get to used to i'm afraid.



This Discussion