Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Inbound Connection with Static and Nonat

Hi,

Kindly Indicate for below scenario, Static necessary or not for Inbound Conncetion If I need to hide my Internal IP Address to Outisde Users.

I am not able to access my Inside Server.

nameif ethernet0 outside security0

nameif ethernet1 inside security100

ip address outside 192.168.1.3 255.255.255.0

ip address inside 3.x.x.2 255.255.0.0

access-list no_nat_inside permit ip any any

access-list outside_acl permit icmp any any

access-list outside_acl permit ip 192.168.1.0 255.255.255.0 host 192.168.1.102

access-list inside_acl permit icmp any any

access-list inside_acl permit ip 3.142.0.0 255.255.0.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list no_nat_inside

static (inside,outside) 192.168.1.102 3.142.125.10 netmask 255.255.255.255 0 0

access-group outside_acl in interface outside

access-group inside_acl in interface inside

3 REPLIES
New Member

Re: Inbound Connection with Static and Nonat

If you have one WAN address you can use PAT.

nat (inside) 1 0 0

global (outside) 1 or

If you have a server that needs to be accessible from the Internet, then use a static nat translation.

static (inside,outside) 192.168.1.102 3.142.125.10 netmask 255.255.255.255

then permit access...

access-list outside_acl permit ip any host 192.168.1.102

New Member

Re: Inbound Connection with Static and Nonat

Hi,

In the first case, No nat is not reqd. Am I rt?

With out static Nat can I access the Inside server??

Hall of Fame Super Blue

Re: Inbound Connection with Static and Nonat

Hi

If you want to hide the internal IP address of the server then ys you need a static translation.

Jon

125
Views
0
Helpful
3
Replies