Static vs. NONAT

Answered Question
Feb 3rd, 2010

What is the functional difference between the two for the following scenrio

static (inside,dmz) 1.1.1.1 1.1.1.1 netmask 255.255.255.255

vs


nat (inside) 0 1.1.1.1 255.255.255.255

Those accomplish the same thing. Is there something I'm missing?

Correct Answer by Kureli Sankar about 7 years 2 weeks ago

static (inside,dmz) 1.1.1.1 1.1.1.1 netmask 255.255.255.255

This is only between inside and dmz

This is bi-directional meaning, in addition to the hosts on the inside, hosts in the DMZ can initiate traffic also provided ACLs allow.

This is called identity static

vs


nat (inside) 0 1.1.1.1 255.255.255.255

This can only be sourced from the inside interface going anywhere. This is called nat exemption.

-KS

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Kureli Sankar Wed, 02/03/2010 - 13:15

static (inside,dmz) 1.1.1.1 1.1.1.1 netmask 255.255.255.255

This is only between inside and dmz

This is bi-directional meaning, in addition to the hosts on the inside, hosts in the DMZ can initiate traffic also provided ACLs allow.

This is called identity static

vs


nat (inside) 0 1.1.1.1 255.255.255.255

This can only be sourced from the inside interface going anywhere. This is called nat exemption.

-KS

Actions

This Discussion