Static vs. NONAT

Answered Question
Feb 3rd, 2010

What is the functional difference between the two for the following scenario?


static (inside,dmz) 1.1.1.1 1.1.1.1 netmask 255.255.255.255


vs


nat (inside) 0 1.1.1.1 255.255.255.255


Those accomplish the same thing. Is there something I'm missing?

Correct Answer by Kureli Sankar about 7 years 4 months ago

static (inside,dmz) 1.1.1.1 1.1.1.1 netmask 255.255.255.255


This is only between inside and dmz.

This is bi-directional, meaning that in addition to the hosts on the inside, hosts in the DMZ can also initiate traffic, provided ACLs allow.

This is called identity static.


vs


nat (inside) 0 1.1.1.1 255.255.255.255


This can only be sourced from the inside interface going anywhere. This is called nat exemption.


-KS

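The difference described in the answer above, as an added example that is not part of the original thread and not Cisco code: a simplified Python model that parses the two statements and reports which side may open a connection under each. The rule dictionary, `parse_rule`, `may_initiate` and the `acl_permits` flag are assumptions made for illustration.

```python
import ipaddress
import re

# Simplified model of the two pre-8.3 statements exactly as the answer
# describes them; it is not the ASA's NAT engine. Assumption: the ACL check
# is reduced to one boolean and is applied only to connections opened
# toward the inside host.
STATIC_RE = re.compile(r"static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)")
NAT0_RE = re.compile(r"nat \((\w+)\) 0 (\S+) (\S+)")

def parse_rule(line):
    """Parse an identity static or a 'nat (if) 0 addr mask' statement."""
    line = line.strip()
    m = STATIC_RE.fullmatch(line)
    if m:
        real_if, mapped_if, mapped, real, mask = m.groups()
        if mapped != real:
            raise ValueError("mapped and real address differ: not an identity static")
        return {"kind": "identity static", "real_if": real_if,
                "peer_ifs": {mapped_if},
                "net": ipaddress.ip_network(f"{real}/{mask}")}
    m = NAT0_RE.fullmatch(line)
    if m:
        real_if, addr, mask = m.groups()
        return {"kind": "nat 0", "real_if": real_if, "peer_ifs": None,
                "net": ipaddress.ip_network(f"{addr}/{mask}")}
    raise ValueError(f"unsupported statement: {line!r}")

def may_initiate(rule, src_if, dst_if, inside_host, acl_permits=False):
    """True if this rule alone covers a connection opened from src_if to dst_if."""
    if src_if == dst_if or ipaddress.ip_address(inside_host) not in rule["net"]:
        return False
    if src_if == rule["real_if"]:
        # Inside host opens the connection: the static covers only its paired
        # interface, nat 0 covers any destination interface.
        return rule["peer_ifs"] is None or dst_if in rule["peer_ifs"]
    if dst_if == rule["real_if"] and rule["kind"] == "identity static":
        # A peer opens the connection: only the static allows it, only from
        # the paired interface, and only when an ACL permits the traffic.
        return src_if in rule["peer_ifs"] and acl_permits
    return False

STATIC = parse_rule("static (inside,dmz) 1.1.1.1 1.1.1.1 netmask 255.255.255.255")
NAT0 = parse_rule("nat (inside) 0 1.1.1.1 255.255.255.255")

if __name__ == "__main__":
    for src, dst in [("inside", "dmz"), ("inside", "outside"), ("dmz", "inside")]:
        print(f"{src}->{dst}: static={may_initiate(STATIC, src, dst, '1.1.1.1', True)}"
              f" nat0={may_initiate(NAT0, src, dst, '1.1.1.1', True)}")
```

A `False` result means only that the statement being tested does not cover that flow; other NAT statements in a real configuration may still apply.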
Collin Clark Wed, 02/03/2010 - 11:49

Technically speaking, the NAT statement actually does NAT. Granted, it NATs to its own address, but it does NAT. With NAT0 it does not NAT at all.


Hope that helps.


Please let Cisco know that these forums are valuable to you!
https://supportforums.cisco.com/docs/DOC-6212

Correct Answer
Kureli Sankar Wed, 02/03/2010 - 13:15