Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Static nat using the outside interface

Hi,

Just curious, what exactly would happen if i apply a static nat using the outside interface IP pointing to a device behind my inside interface?  I am thinking if the global nat IP is using a different IP than the outside interface then it's ok.  I am accustomed to seeing a global nat IP A and static nat B and an outside interface IP C.  It never crossed my mind to mix it up where my global nat IP is still A but my static nat and outside interface IP is both C.

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Static nat using the outside interface

Marcus,

So long as this outside interface is used for STATIC PAT and not 1-1 NAT you are good. Otherwise all traffic received by the outside interface will be sent to the inside host - meaning you cannot even manage the outside interface using ssh or asdm.

Here is a sample.

Let us say your outside interface IP address is 1.1.1.1

you also have 1.1.1.2 available.

Your static lines can be like this:

static (inside,outside) tcp interface 80 10.10.10.1 80 net 255.255.255.255  -----> static pat for inside webserver 10.10.10.1

static (inside,outside) 1.1.1.2 10.10.10.2 net 255.255.255.255  --------------> 1-1 static nat for inside server 10.10.10.2

Pls. make sure to rate the answers and mark them solved if it solves the issue.

-KS

1 REPLY
Cisco Employee

Re: Static nat using the outside interface

Marcus,

So long as this outside interface is used for STATIC PAT and not 1-1 NAT you are good. Otherwise all traffic received by the outside interface will be sent to the inside host - meaning you cannot even manage the outside interface using ssh or asdm.

Here is a sample.

Let us say your outside interface IP address is 1.1.1.1

you also have 1.1.1.2 available.

Your static lines can be like this:

static (inside,outside) tcp interface 80 10.10.10.1 80 net 255.255.255.255  -----> static pat for inside webserver 10.10.10.1

static (inside,outside) 1.1.1.2 10.10.10.2 net 255.255.255.255  --------------> 1-1 static nat for inside server 10.10.10.2

Pls. make sure to rate the answers and mark them solved if it solves the issue.

-KS

302
Views
0
Helpful
1
Replies
CreatePlease login to create content