Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1887
Views
0
Helpful
1
Replies

FWSM Static NAT - Source and Destination

Go to solution
cisco_lite
Level 1
Level 1

‎04-22-2009 09:54 PM - edited ‎03-11-2019 08:22 AM

hi,

In the below config, how is it identifiable that the NAT is on the source IP or the destination IP. How is it possible to do source as well as destination NAT on the same traffic at the time.

static (OUTSIDE,INSIDE) 192.168.2.40 10.10.10.40 netmask 255.255.255.255

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎04-23-2009 01:33 AM

Static NAT is bi-directional so source IP and destination IP are relative to the inside and outside interfaces of the firewall.

So

static (inside,outside) 192.168.2.40 10.10.10.40 netmask 255.255.255.255

means

1) traffic from a source IP on the inside of 10.10.10.40 will be natted to 192.168.2.40 as it leaves the outside interface of the firewall

2) traffic from outside with a destination IP address of 192.168.2.40 will be natted to 10.10.10.40 as it leaves the inside interfade of the firewall

static (outside,inside) 192.168.2.40 10.10.10.40 netmask 255.255.255.255

means

1) traffic from the inside with a destination IP of 192.168.2.40 will be natted to 10.10.10.40 as it leaves the outside interface of the firewall

2) traffic from the outside with a source IP address of 10.10.10.40 will translated to 192.168.2.40 as it leaves the inside interface of the firewall.

If you want to do both simply use 2 statics eg.

src IP on inside = 192.168.10.1

dst IP on inside = 172.16.5.10

src IP on outside = 10.5.1.1

dst IP on outside = 10.10.10.1

static (inside,outside) 10.5.1.1 192.168.10.1 netmask 255.255.255.255

static (outside,inside) 172.16.5.10 10.10.10.1 netmask 255.255.255.255

Does this help ?

Jon

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎04-23-2009 01:33 AM

Static NAT is bi-directional so source IP and destination IP are relative to the inside and outside interfaces of the firewall.

So

static (inside,outside) 192.168.2.40 10.10.10.40 netmask 255.255.255.255

means

1) traffic from a source IP on the inside of 10.10.10.40 will be natted to 192.168.2.40 as it leaves the outside interface of the firewall

2) traffic from outside with a destination IP address of 192.168.2.40 will be natted to 10.10.10.40 as it leaves the inside interfade of the firewall

static (outside,inside) 192.168.2.40 10.10.10.40 netmask 255.255.255.255

means

1) traffic from the inside with a destination IP of 192.168.2.40 will be natted to 10.10.10.40 as it leaves the outside interface of the firewall

2) traffic from the outside with a source IP address of 10.10.10.40 will translated to 192.168.2.40 as it leaves the inside interface of the firewall.

If you want to do both simply use 2 statics eg.

src IP on inside = 192.168.10.1

dst IP on inside = 172.16.5.10

src IP on outside = 10.5.1.1

dst IP on outside = 10.10.10.1

static (inside,outside) 10.5.1.1 192.168.10.1 netmask 255.255.255.255

static (outside,inside) 172.16.5.10 10.10.10.1 netmask 255.255.255.255

Does this help ?

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card