Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
430
Views
0
Helpful
1
Replies

Static nat using the outside interface

Go to solution
marcusbrutus
Level 1
Level 1

‎10-17-2010 05:11 AM - edited ‎03-11-2019 11:55 AM

Hi,

Just curious, what exactly would happen if i apply a static nat using the outside interface IP pointing to a device behind my inside interface?  I am thinking if the global nat IP is using a different IP than the outside interface then it's ok.  I am accustomed to seeing a global nat IP A and static nat B and an outside interface IP C.  It never crossed my mind to mix it up where my global nat IP is still A but my static nat and outside interface IP is both C.

Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎10-17-2010 06:08 AM

Marcus,

So long as this outside interface is used for STATIC PAT and not 1-1 NAT you are good. Otherwise all traffic received by the outside interface will be sent to the inside host - meaning you cannot even manage the outside interface using ssh or asdm.

Here is a sample.

Let us say your outside interface IP address is 1.1.1.1

you also have 1.1.1.2 available.

Your static lines can be like this:

static (inside,outside) tcp interface 80 10.10.10.1 80 net 255.255.255.255  -----> static pat for inside webserver 10.10.10.1

static (inside,outside) 1.1.1.2 10.10.10.2 net 255.255.255.255  --------------> 1-1 static nat for inside server 10.10.10.2

Pls. make sure to rate the answers and mark them solved if it solves the issue.

-KS

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎10-17-2010 06:08 AM

Marcus,

So long as this outside interface is used for STATIC PAT and not 1-1 NAT you are good. Otherwise all traffic received by the outside interface will be sent to the inside host - meaning you cannot even manage the outside interface using ssh or asdm.

Here is a sample.

Let us say your outside interface IP address is 1.1.1.1

you also have 1.1.1.2 available.

Your static lines can be like this:

static (inside,outside) tcp interface 80 10.10.10.1 80 net 255.255.255.255  -----> static pat for inside webserver 10.10.10.1

static (inside,outside) 1.1.1.2 10.10.10.2 net 255.255.255.255  --------------> 1-1 static nat for inside server 10.10.10.2

Pls. make sure to rate the answers and mark them solved if it solves the issue.

-KS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card