08-10-2010 03:58 AM - edited 03-11-2019 11:23 AM
Hi,
If we have following static commends
static (inside,outside) 2.2.2.2 192.168.1.1 ( Public-routable-ip, private-ip)
OR
static (outside,inside) 192.168.1.1 2.2.2.2 ( private-ip,public-routable-ip)
and corresponding permit access-list is configured. Will these commands will have the same effect.
As there is always one-to-one mapping.
When there is a packet with destination 2.2.2.2 arriving on outside interface then it's destination IP address will be replaced by 192.168.1.1 and
packet will be forwarded to that host from inside interface.
In second static
Now, if packet source is 192.168.1.1 and destination can be anything then while packet is exiting the outside interface then it's source ip address will
be over written by 2.2.2.2 and then packet is forwarded to outside world.
is this understanding correct?
Appreciate you help.
Thanks
Subodh
Solved! Go to Solution.
08-10-2010 05:01 AM
static (inside,outside) 2.2.2.2 192.168.1.1 ( Public-routable-ip, private-ip)
When there is a packet with destination 2.2.2.2 arriving on outside interface then it's destination IP address will be replaced by 192.168.1.1 and
packet will be forwarded to that host from inside interface.
Now, if packet source is 192.168.1.1 and destination can be anything then while packet is exiting the outside interface then it's source ip address will
be over written by 2.2.2.2 and then packet is forwarded to outside world.
###############################################################
static (outside,inside) 192.168.1.1 2.2.2.2 ( private-ip,public-routable-ip)
If the source of the packet is 2.2.2.2 its source will be changed to 192.168.1.1 when it enters the inside interface.
-KS
08-10-2010 05:04 AM
Kureli beat me to it--please disregard
Hi Subodh,
In the scenario you describe, you will want to configure the first static statement (and the corresponding access rules):
static (inside,outside) 2.2.2.2 192.168.1.1
The second line you mentioned would only be used if you wanted to do what is called "outside NAT". With that line, users on the inside would see 2.2.2.2 as an internal IP address, 192.168.1.1.
Hope that helps.
-Mike
08-10-2010 05:01 AM
static (inside,outside) 2.2.2.2 192.168.1.1 ( Public-routable-ip, private-ip)
When there is a packet with destination 2.2.2.2 arriving on outside interface then it's destination IP address will be replaced by 192.168.1.1 and
packet will be forwarded to that host from inside interface.
Now, if packet source is 192.168.1.1 and destination can be anything then while packet is exiting the outside interface then it's source ip address will
be over written by 2.2.2.2 and then packet is forwarded to outside world.
###############################################################
static (outside,inside) 192.168.1.1 2.2.2.2 ( private-ip,public-routable-ip)
If the source of the packet is 2.2.2.2 its source will be changed to 192.168.1.1 when it enters the inside interface.
-KS
08-10-2010 05:04 AM
Kureli beat me to it--please disregard
Hi Subodh,
In the scenario you describe, you will want to configure the first static statement (and the corresponding access rules):
static (inside,outside) 2.2.2.2 192.168.1.1
The second line you mentioned would only be used if you wanted to do what is called "outside NAT". With that line, users on the inside would see 2.2.2.2 as an internal IP address, 192.168.1.1.
Hope that helps.
-Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide