Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Static NAT

When configuring static nat (inside, outside) shouldn't the subnet address usedin the static (inside, outside) command be in the same subnet as the inside or outside interface IP address. One of my customer is saying it doesn't have to be.

3 REPLIES

Re: Static NAT

Hi,

1.You use static alongwith access-list for mapping the Hosts which you want to make available to public/partner.

2.It makes sense using the same subnet address as of Outside interface for mapped/global static address.

I have not seen anybody implementing out of this scope,neither i have read it.

Community Member

Re: Static NAT

Problem is attached:

After puting the following command customer is seeing ARP Storm.

static (inside,outside) 10.7.0.0 10.7.0.0 netmask 255.255.248.0 0 0

Re: Static NAT

Hi Pal,

Find below the syntax of static command.

static (real_interface,mapped_interface) {mapped_address | interface} real_address [netmask mask]

Here

real_interface = inside

mapped_interface = outside

mapped_address = 10.254.254.0

real_address = 10.7.0.0

netmask = 255.255.248.0

it becomes

static (inside,outside) 10.254.254.0 10.7.0.0 netmask 255.255.248.0 0 0

Modify your access-list to allow access to 10.254.254.0 as destination.

Hope this is Helpdul

149
Views
0
Helpful
3
Replies
CreatePlease to create content