Cisco Support Community

New Member

NATing the Broadcast IP

Hi There,

If I did the following configuration:

static (inside,dmz) 10.1.1.255 10.1.1.255 net 255.255.255.255

Where 10.1.1.0/24 is my inside network and I configured an access-list allowing all the traffic from the DMZ to the inside network. Will the ASA pass traffic destined to the broadcast IP?

Regards,

Haitham

3 REPLIES
New Member

Re: NATing the Broadcast IP

Starting with PIX 5.2, the firewall no longer uses network addresses or broadcast addresses in static and global command statements when creating NAT xlate translations. Broadcast addresses are those addresses with the bit pattern of all ones, when the network mask is applied. Network addresses are those addresses with the bit pattern of all zeros, when the network mask is applied.

For example:

global 1 10.1.0.0-10.1.255.255 netmask 255.255.255.0.

With this command, the network addresses 10.1.0.0, 10.1.1.0, 10.1.2.0, and so forth through 10.1.255.0, are excluded. In addition, the broadcast addresses 10.1.0.255, 10.1.1.255, 10.1.2.255, and so forth through 10.1.255.255, are excluded.

Please rate if you are satisfied.

Cheers!
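
The exclusion rule described in this reply, as an added example that is not part of the original thread: Python that applies the all-zeros/all-ones definition to the global range above and checks the static line from the question against the inside subnet. The function names are hypothetical, and testing the static's addresses against the 10.1.1.0/24 subnet mask rather than the rule's own host mask is an assumption of the example.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def classify(addr, netmask):
    """Host bits all zeros -> 'network', all ones -> 'broadcast', else 'host'."""
    host_bits = ~to_int(netmask) & FULL
    value = to_int(addr) & host_bits
    if host_bits == 0:          # 255.255.255.255: no host bits to test
        return "host"
    if value == 0:
        return "network"
    return "broadcast" if value == host_bits else "host"

def excluded_in_range(first, last, netmask):
    """Network and broadcast addresses inside a global range (contiguous mask assumed)."""
    lo, hi, mask = to_int(first), to_int(last), to_int(netmask)
    size = (~mask & FULL) + 1
    networks, broadcasts = [], []
    base = lo & mask
    while size > 1 and base <= hi:
        for value, bucket in ((base, networks), (base + size - 1, broadcasts)):
            if lo <= value <= hi:
                bucket.append(str(ipaddress.IPv4Address(value)))
        base += size
    return networks, broadcasts

def audit_static(line, inside_net):
    """Flag addresses on a static line that are the network or broadcast
    address of the connected subnet (assumption: test against that subnet's mask)."""
    net = ipaddress.IPv4Network(inside_net)
    findings = []
    for token in line.split():
        try:
            ip = ipaddress.IPv4Address(token)
        except ValueError:
            continue                      # keyword or interface pair, not an address
        if ip in net and classify(token, str(net.netmask)) != "host":
            findings.append((token, classify(token, str(net.netmask))))
    return findings

if __name__ == "__main__":
    nets, bcasts = excluded_in_range("10.1.0.0", "10.1.255.255", "255.255.255.0")
    print(len(nets), "network and", len(bcasts), "broadcast addresses excluded")
    print(audit_static("static (inside,dmz) 10.1.1.255 10.1.1.255 net 255.255.255.255",
                       "10.1.1.0/24"))
```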

New Member

Re: NATing the Broadcast IP

Hi,

Ok very good, now if you explicitly put the broadcast IP in a NAT rule like the example in my previous post will the PIX still ignore it?

Regards,

Haitham

New Member

Re: NATing the Broadcast IP

Yes
