Cisco Support Community

Better to use static translations with or without port address?

I'm creating statics like:

static (dmz,outside) public_ip dmz_ip netmask mask

I thought I would just open the ports in the ACL, but I know I can do something like:

static (dmz,outside) tcp public_ip 80 dmz_ip 80 netmask mask

Is this the "better" way of doing it, or does it really matter?

Thanks,

John

HTH, John *** Please rate all useful posts ***
Accepted Solutions

Re: Better to use static translations with or without port addre

John

Others may differ but I only use ports in the static statement when I am doing port forwarding, i.e. using the same public IP to forward to multiple private IP addresses on different ports.

Otherwise I just use a static and tie down the access with ACL entries. NAT should not really be relied upon for security.

Jon

Re: Better to use static translations with or without port addre

Okay, that's what I'm doing. I have a single public address that's forwarding on different ports to different hosts (some in dmz and some on the inside). I've had to use port translation on those.

Thanks Jon!

John

HTH, John *** Please rate all useful posts ***
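
The two approaches discussed in this thread, side by side, as an added example that is not configuration posted by either participant. It uses the pre-8.3 `static` syntax from the question; every address, the ACL name `outside_in` and the choice of services are constructed for illustration.

```cisco
! --- Approach 1: one-to-one static, access tied down by the ACL ---
! Every port on 192.0.2.10 is translated to the DMZ host, so the
! outside ACL is the only control limiting what is reachable.
static (dmz,outside) 192.0.2.10 172.16.1.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 192.0.2.10 eq 80

! --- Approach 2: port forwarding, one public IP shared by several hosts ---
! Ports are required in the static here because 192.0.2.20 maps to a
! different real host depending on the destination port.
static (dmz,outside) tcp 192.0.2.20 80 172.16.1.20 80 netmask 255.255.255.255
static (inside,outside) tcp 192.0.2.20 25 10.1.1.25 25 netmask 255.255.255.255

! The ACL is still written explicitly per service; the port statics
! are not treated as the access control.
access-list outside_in permit tcp any host 192.0.2.20 eq 80
access-list outside_in permit tcp any host 192.0.2.20 eq 25

! Anything not permitted above is dropped by the implicit deny.
access-group outside_in in interface outside
```

In both cases the ACL references the translated (public) address, which is what pre-8.3 code expects on the outside interface.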