How to configure static NAT / static PAT command in the PIX, ASA and FWSM

Document

Jun 18, 2009 3:54 PM
Jun 18th, 2009

Core issue

This contains the PIX / ASA / Firewall Services Module (FWSM) configuration for static translation.

Resolution

The static command configuration is similar for the PIX Firewall, ASA and FWSM.

The Static NAT command creates a fixed translation of the real address to the mapped address. This command can be used in order to assign a single public IP address to the single local IP address.

Static NAT Example:

hostname(config)#static (inside,outside) 192.168.201.12 10.1.1.3 netmask 255.255.255.255

This command maps an inside IP address (10.1.1.3) to an outside IP address (192.168.201.12).

The Static PAT command can also be used where a single port of the public IP address can be mapped with the single port of the local IP address.

Static PAT Example:

In order to redirect Telnet traffic from the outside interface (10.1.2.14) to the inside host at 10.1.1.15, enter this command:

hostname(config)#static (inside, outside) tcp 10.1.2.14 telnet 10.1.1.15 telnet netmask 255.255.255.255

The static PAT command is the same as static NAT, except it allows for the specification of the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) and the port for the real and mapped addresses.

The static PAT feature can identify the same mapped address across many different static statements, so long as the port is different for each statement.

Note: You cannot use the same real or mapped address in multiple static commands between the same two interfaces. Do not use a mapped address in the static command that is also defined in a global command for the same mapped interface.

Average Rating: 0 (0 ratings)

Actions

Login or Register to take actions

This Document

Posted June 18, 2009 at 3:54 PM
Stats:
Comments:0 Avg. Rating:0
Views:30495 Contributors:0
Shares:0

Related Content

Documents Leaderboard