Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Static nat statement

I need to setup a static one to one nat statement on my PIX 515. I need to map an outside IP to an inside IP. Let's say the IP address on the outside is outside.ip and the internal IP is 192.168.100.125.

The interfaces that we have defined are inside, outside and DMZ1 and if it matters I will be setting up acl's and static statements to route the traffic.

There are already three other nat statements defined as:

nat (inside) 0 access-list acl_name

nat (inside) 1 vpn 255.0.0.0 0 0

nat (DMZ1) 1 0.0.0.0 0.0.0.0 0 0

Anyone know how I should go about this?

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Static nat statement

the difference is that you are statically natting a local IP address 10.1.1.3 with 200.1.1.25 on a router and not on your pix.

This is the same principle as before, a one-to-one nat, if you are nating on a router you have to define your (ip nat outside) on the 200.1.1.0 interface.

Jorge

3 REPLIES

Re: Static nat statement

Assuming you have an outside interface configured

You have to create a one-to-one static nat as:

static (inside,outside) outside.ip 192.168.100.125 netmask 255.255.255.255 0 0

Then you have to create an access list : say you want to allow telnet access from to 192.168.100.125

from the outside world.

access-list outside_access_in permit tcp any host outside.ip eq 23

access-group outside_access_in in interface outside

hope this helps

Jorge

New Member

Re: Static nat statement

I understand. So I was totally going the wrong way. Well I found the following documentation on the cisco website:

This setup also includes a static one-to-one NAT for a server at 10.1.1.3. This is NAT'd to 200.1.1.25 so that Internet users can access it. Issue this command:

ip nat inside source static 10.1.1.3 200.1.1.25

So what is the difference between this and what I was asking?

Thanks.

Re: Static nat statement

the difference is that you are statically natting a local IP address 10.1.1.3 with 200.1.1.25 on a router and not on your pix.

This is the same principle as before, a one-to-one nat, if you are nating on a router you have to define your (ip nat outside) on the 200.1.1.0 interface.

Jorge

677
Views
0
Helpful
3
Replies