Core issue
This contains the PIX / ASA / Firewall Services Module (FWSM) configuration for static translation.
Resolution
The static command configuration is similar for the PIX Firewall, ASA and FWSM.
The Static NAT command creates a fixed translation of the real address to the mapped address. This command can be used in order to assign a single public IP address to the single local IP address.
Static NAT Example:
hostname(config)#static (inside,outside) 192.168.201.12 10.1.1.3 netmask 255.255.255.255
This command maps an inside IP address (10.1.1.3) to an outside IP address (192.168.201.12).
The Static PAT command can also be used where a single port of the public IP address can be mapped with the single port of the local IP address.
Static PAT Example:
In order to redirect Telnet traffic from the outside interface (10.1.2.14) to the inside host at 10.1.1.15, enter this command:
hostname(config)#static (inside, outside) tcp 10.1.2.14 telnet 10.1.1.15 telnet netmask 255.255.255.255
The static PAT command is the same as static NAT, except it allows for the specification of the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) and the port for the real and mapped addresses.
The static PAT feature can identify the same mapped address across many different static statements, so long as the port is different for each statement.
Note: You cannot use the same real or mapped address in multiple static commands between the same two interfaces. Do not use a mapped address in the static command that is also defined in a global command for the same mapped interface.