Help with static command

Unanswered Question
Sep 15th, 2002
User Badges:

I want to allow all my internal clients the ability to successfully ping anything out on the internet.


I understand the access-list / access-group needed for this. Here is what I have...


access-list 101 permit icmp any host 200.1.1.5 echo-reply

access-list 101 permit icmp any host 200.1.1.5 source-quench

access-list 101 permit icmp any host 200.1.1.5 unreachable

access-list 101 permit icmp any host 200.1.1.5 time-exceeded

access-group 101 in interface outside


What would my static command look like??


Thank you.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
steve.barlow Sun, 09/15/2002 - 09:25
User Badges:
  • Silver, 250 points or more

You don't need a static unless the outside (lower security interface) is accessing the inside (higher security interface). In your case your access-list is all you need as statics map local IP address to a global IP address, and you don't need to do that.

You will need a global command that will be the IP that your private IPs will get NAT'ed/PAT'ed into. From your post you will be using PAT.

eg global (outside) 1 200.1.1.5 netmask 255.255.255.224

You also need a nat command that states who will get translated from your private IP into your gloabl IP. From cisco "The nat command lets you enable or disable address translation for one or more internal addresses. Address translation means that when a host starts an outbound connection, the IP addresses in the internal network are translated into global addresses. "

eg. nat (inside) 1 10.0.0.0 255.0.0.0

Hope that helps.

Steve

Actions

This Discussion