Cisco Support Community
New Member

static NAT - PIX and ASA

Hi,

If we do not configure any static NAT in ASA but allow the access by access-lists, does it work?

For example:

static (inside,outside) a.b.c.d a.b.c.d: the packet will exit without any change in IP address. Corresponding access-lists are configured on the interfaces.

If we do not configure static in ASA, and if proper routing is configured on ASA and access-lists are also configured on ASA, can the packet cross ASA?

What if the case is of PIX and not ASA?

Appreciate your help.

Thanks in advance

Subidh

1 ACCEPTED SOLUTION

Super Bronze

Re: static NAT - PIX and ASA

PIX and ASA work in exactly the same way.

From your description, here are a couple of scenarios for consideration:

1) If the traffic is initiated from inside towards outside, you do not need to configure a static NAT statement IF you have the following:

     ++ "no nat-control" configured

     ++ and there are no NAT statements configured on the inside interface at all.

If the above statements match, then you only need an ACL to allow outbound traffic.

2) If the traffic is initiated from inside towards outside, however, and one or both of the above points do not match (i.e. you either have "nat-control" configured, or you have 1 NAT statement configured on the inside interface), then you would need to configure the static statement as stated.

3) If the traffic is initiated from outside towards inside, then you would need to configure a static NAT statement.

Hope that helps.
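The three scenarios in the answer above, written out as a configuration sketch. This is an added example, not part of the original post; it assumes PIX/ASA software earlier than 8.3 (where the `nat-control` and `static` commands exist), uses 192.0.2.10 as a constructed stand-in for a.b.c.d, and the ACL names and the permitted port are hypothetical.

```cisco
! Constructed sample: 192.0.2.10 stands in for a.b.c.d.
! ACL names (INSIDE_OUT, OUTSIDE_IN) and port 443 are hypothetical.

! --- Scenario 1: inside-initiated, no static required ---
! Both conditions must hold: nat-control is off AND no NAT
! statement of any kind is configured on the inside interface.
no nat-control
access-list INSIDE_OUT extended permit ip host 192.0.2.10 any
access-group INSIDE_OUT in interface inside

! --- Scenarios 2 and 3: identity static ---
! Needed when nat-control is on, when any NAT statement exists on
! inside, or when traffic is initiated from outside. The address
! maps to itself, so the packet leaves with its IP unchanged.
static (inside,outside) 192.0.2.10 192.0.2.10 netmask 255.255.255.255

! Outside-initiated traffic is still dropped unless an ACL on the
! outside interface permits it; keep the permit as narrow as possible.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-group OUTSIDE_IN in interface outside

! --- Checks before relying on scenario 1 ---
! Confirm nat-control state and that no nat/static lines reference inside.
show running-config nat-control
show running-config nat
show running-config static
! Confirm which translation (if any) a live flow is using.
show xlate
```

The static statement only makes the host reachable; the access-lists remain the control that decides which traffic is actually allowed through.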

2 REPLIES
New Member

Re: static NAT - PIX and ASA

Hi,

Thanks a lot. Is any cisco.com document available for this on cisco.com? I searched a lot but could not find it.

Thanks, I appreciate your help.

Thanks

Subodh
