Cisco Support Community

FWSM Static NAT - Source and Destination

Hi,

In the config below, how is it identifiable whether the NAT is on the source IP or the destination IP? How is it possible to do source as well as destination NAT on the same traffic at the same time?

static (OUTSIDE,INSIDE) 192.168.2.40 10.10.10.40 netmask 255.255.255.255

1 ACCEPTED SOLUTION


Re: FWSM Static NAT - Source and Destination

Static NAT is bi-directional so source IP and destination IP are relative to the inside and outside interfaces of the firewall.

So

static (inside,outside) 192.168.2.40 10.10.10.40 netmask 255.255.255.255

means

1) traffic from a source IP on the inside of 10.10.10.40 will be natted to 192.168.2.40 as it leaves the outside interface of the firewall

2) traffic from outside with a destination IP address of 192.168.2.40 will be natted to 10.10.10.40 as it leaves the inside interface of the firewall

static (outside,inside) 192.168.2.40 10.10.10.40 netmask 255.255.255.255

means

1) traffic from the inside with a destination IP of 192.168.2.40 will be natted to 10.10.10.40 as it leaves the outside interface of the firewall

2) traffic from the outside with a source IP address of 10.10.10.40 will be translated to 192.168.2.40 as it leaves the inside interface of the firewall.

If you want to do both, simply use 2 statics, e.g.

src IP on inside = 192.168.10.1

dst IP on inside = 172.16.5.10

src IP on outside = 10.5.1.1

dst IP on outside = 10.10.10.1

static (inside,outside) 10.5.1.1 192.168.10.1 netmask 255.255.255.255

static (outside,inside) 172.16.5.10 10.10.10.1 netmask 255.255.255.255

Does this help?

Jon
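
The rewrite rule described in the answer above, modelled as an added Python example (not part of the original thread and not Cisco code). The function names are hypothetical, and the model covers only the address rewrite of plain static lines, not ACLs, policy NAT or the device's own rule ordering.

```python
import ipaddress
import re

# Form used in the thread: static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(
    r"^static \(([^,\s]+),([^)\s]+)\) (\S+) (\S+) netmask (\S+)$", re.IGNORECASE)

def parse_static(line):
    m = STATIC_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a static NAT line: {line!r}")
    real_if, mapped_if, mapped, real, mask = m.groups()
    # Assumption of this model: interface names are compared case-insensitively.
    return {"real_if": real_if.lower(), "mapped_if": mapped_if.lower(),
            "mapped": ipaddress.ip_network(f"{mapped}/{mask}"),
            "real": ipaddress.ip_network(f"{real}/{mask}")}

def _map(addr, from_net, to_net):
    """Move addr to the same host offset in to_net; None if addr is not in from_net."""
    ip = ipaddress.ip_address(addr)
    if ip not in from_net:
        return None
    return str(to_net.network_address + (int(ip) - int(from_net.network_address)))

def translate(statics, in_if, out_if, src, dst):
    """Return (src, dst) as the packet leaves out_if. First matching static wins
    in each direction (a simplification of this model)."""
    new_src = new_dst = None
    for s in statics:
        if (in_if, out_if) == (s["real_if"], s["mapped_if"]) and new_src is None:
            # Real side -> mapped side: the real source appears as the mapped address.
            new_src = _map(src, s["real"], s["mapped"])
        elif (in_if, out_if) == (s["mapped_if"], s["real_if"]) and new_dst is None:
            # Mapped side -> real side: the mapped destination is restored to the real host.
            new_dst = _map(dst, s["mapped"], s["real"])
    return new_src or src, new_dst or dst

# The two statics from the answer's "do both" case.
THREAD_STATICS = [parse_static(l) for l in (
    "static (inside,outside) 10.5.1.1 192.168.10.1 netmask 255.255.255.255",
    "static (outside,inside) 172.16.5.10 10.10.10.1 netmask 255.255.255.255",
)]

if __name__ == "__main__":
    # Forward packet: both source and destination are rewritten in one pass.
    print(translate(THREAD_STATICS, "inside", "outside", "192.168.10.1", "172.16.5.10"))
    # Return packet: the same two statics undo both rewrites.
    print(translate(THREAD_STATICS, "outside", "inside", "10.10.10.1", "10.5.1.1"))
```

Feeding it the single static from the question shows which side each address is rewritten on, depending on the direction of the packet.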
