Cisco Support Community
Community Member

Static translation with PIX/ASA

Hi folks,

I am comparatively new to the PIX/ASA platform. I'm puzzled by the static translation configured on ASA:

static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.255.0

What is the purpose of it?

1 REPLY
Hall of Fame Super Blue

Re: Static translation with PIX/ASA

Eugene

The purpose of this is

1) so that a host on the inside sending a packet to a machine on the dmz will appear on the DMZ as its real IP, i.e. 192.168.0.x

2) so that a machine on the DMZ can send a packet to a host on the inside using the real IP addresses of the inside hosts, i.e. 192.168.0.x

Put more simply, to all intents and purposes it "turns off" NAT between inside hosts and the DMZ.

So why do you need to do it? Because even when you don't want to NAT, i.e. change the actual address from one IP to another, you still have to tell the PIX you don't want to and this is how you do it.

Note that there is an option on v7.x code and upwards to turn off NAT altogether, i.e.

no nat-control

Jon
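
The identity translation described in the reply above, as an added example that is not part of the original thread: a small Python model that parses the pre-8.3 `static` syntax (mapped address first, real address second) and shows what address a host presents on each side. The function names are hypothetical, the second rule is a constructed contrast, and the parser assumes the `netmask` keyword is present.

```python
import ipaddress
import re
from typing import NamedTuple

# Pre-8.3 PIX/ASA syntax: static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)$")

class StaticRule(NamedTuple):
    real_if: str
    mapped_if: str
    mapped: ipaddress.IPv4Network
    real: ipaddress.IPv4Network

def parse_static(line):
    m = STATIC_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a static command with netmask: {line!r}")
    real_if, mapped_if, mapped_ip, real_ip, mask = m.groups()
    return StaticRule(real_if, mapped_if,
                      ipaddress.IPv4Network(f"{mapped_ip}/{mask}"),
                      ipaddress.IPv4Network(f"{real_ip}/{mask}"))

def is_identity(rule):
    """True when real and mapped networks are equal: addresses pass unchanged."""
    return rule.real == rule.mapped

def _shift(addr, src_net, dst_net):
    # Network statics map host N of one network to host N of the other.
    ip = ipaddress.IPv4Address(addr)
    if ip not in src_net:
        return None  # the rule does not cover this address
    return str(dst_net.network_address + (int(ip) - int(src_net.network_address)))

def seen_on_mapped_side(rule, real_host):
    """Source address a real-side host shows on the mapped interface."""
    return _shift(real_host, rule.real, rule.mapped)

def reached_on_real_side(rule, mapped_dst):
    """Real-side host that a mapped-side sender reaches at this destination."""
    return _shift(mapped_dst, rule.mapped, rule.real)

# The command from the question.
PAGE_RULE = parse_static("static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.255.0")
# Constructed contrast: same inside network, mapped to 10.9.9.0/24 on the DMZ.
OTHER_RULE = parse_static("static (inside,dmz) 10.9.9.0 192.168.0.0 netmask 255.255.255.0")

if __name__ == "__main__":
    for rule in (PAGE_RULE, OTHER_RULE):
        print(is_identity(rule), seen_on_mapped_side(rule, "192.168.0.25"))
```

Running `is_identity` over every `static` line in a saved configuration lists the networks whose real addresses are visible to another interface, which is the set to check against the access lists on that interface.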
