Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Do I need static if I am not using nat on pix 6.2??

I have pix 6.2 and I am not using nat for address translation, all i have nat for is :

nat (inside) 0 access-list 200

nat (inside) 0 0.0.0.0 0.0.0.0 0 0

nat (dmz:2) 0 0.0.0.0 0.0.0.0 0 0

and then i have the following statics configured:

static (inside,outside) LotusSrv LotusSrv netmask 255.255.255.255 0 0

static (inside,outside) mail-81 mail-81 netmask 255.255.255.255 0 0

static (inside,outside) bookstore bookstore netmask 255.255.255.255 0 0

static (inside,dmz:2) 204.142.81.0 204.142.81.0 netmask 255.255.255.0 0 0

static (dmz:2,outside) venus venus netmask 255.255.255.255 0 0

and a lot more...but not for all the hosts...

Obviuosly , I dont have any global command.

I just want to know that what purpose are these static commands serving, can i remove them and how do i decide that for which hosts do i need to configure static?

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Do I need static if I am not using nat on pix 6.2??

Statics expose ip addresses of high security interfaces for lower security ints. Once created, you can then use conduits or access lists to allow access from low ints to high sec. ints. So yes, you need to keep all of those if they are offering services to the outside world.

Matt

1 REPLY
Silver

Re: Do I need static if I am not using nat on pix 6.2??

Statics expose ip addresses of high security interfaces for lower security ints. Once created, you can then use conduits or access lists to allow access from low ints to high sec. ints. So yes, you need to keep all of those if they are offering services to the outside world.

Matt

88
Views
0
Helpful
1
Replies
CreatePlease login to create content