Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

PIX/ASA static nat command

Hello fellow ciscoers,

My question relates to the use of the netmask command within the PIX/ASA. When used does this only translate the appropriate bits in the original ip address to the desired NAT address? For example:

If configure as follows:

static (inside,outside) 192.168.100.0 123.123.123.0 netmask 255.255.255.0

Then i send a packet with a source IP of say 192.168.100.50 through, then will the NAT address end up as 123.123.123.50.

Hence with a netmask of 24 bits will it not translate octect 4, and hence leave my "host bits" alone?

Thanks to all in advance

cheers nik

1 REPLY
New Member

Re: PIX/ASA static nat command

You are correct. Many times people will do one to one translations doing exactly the same things but keeping the inside and outside IP's the same. This is sometimes done on internal firewalls where you do not want to translate any addresses.

129
Views
0
Helpful
1
Replies
CreatePlease to create content