Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Using Static NAT for network and host

Is it possible to use a static NAT for a network and then a different one for a host within that network.

Example:

static (inside,outside) 10.10.10.0 10.10.10.0 netmask 255.255.255.0

<---so that all 10.10.10.0 address are seen on outside as themselves---->

static (inside,outside) 10.10.10.5 11.11.11.5 netmask 255.255.255.255

<---so that 10.10.10.5 host is NAT'ed to different address--->

1 ACCEPTED SOLUTION

Accepted Solutions
Red

Using Static NAT for network and host

Hi Rod,

Yes it is very much possible, the more specific one will take the precedence over the other static nat for the network,  , to verify it you can also run a packet tracer for it.

Packet-tracer input outside tcp 4.2.2.2 23456 11.11.11.5 80 detailed

and your static nat is not correct, it shoudl be:

static (inside,outside)  11.11.11.5 10.10.10.5 netmask 255.255.255.255

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
2 REPLIES
Red

Using Static NAT for network and host

Hi Rod,

Yes it is very much possible, the more specific one will take the precedence over the other static nat for the network,  , to verify it you can also run a packet tracer for it.

Packet-tracer input outside tcp 4.2.2.2 23456 11.11.11.5 80 detailed

and your static nat is not correct, it shoudl be:

static (inside,outside)  11.11.11.5 10.10.10.5 netmask 255.255.255.255

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
Community Member

Using Static NAT for network and host

Thanks for the help!

227
Views
0
Helpful
2
Replies
CreatePlease to create content