Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Help with static command

I want to allow all my internal clients the ability to successfully ping anything out on the internet.

I understand the access-list / access-group needed for this. Here is what I have...

access-list 101 permit icmp any host echo-reply

access-list 101 permit icmp any host source-quench

access-list 101 permit icmp any host unreachable

access-list 101 permit icmp any host time-exceeded

access-group 101 in interface outside

What would my static command look like??

Thank you.


Re: Help with static command

You don't need a static unless the outside (lower security interface) is accessing the inside (higher security interface). In your case your access-list is all you need as statics map local IP address to a global IP address, and you don't need to do that.

You will need a global command that will be the IP that your private IPs will get NAT'ed/PAT'ed into. From your post you will be using PAT.

eg global (outside) 1 netmask

You also need a nat command that states who will get translated from your private IP into your gloabl IP. From cisco "The nat command lets you enable or disable address translation for one or more internal addresses. Address translation means that when a host starts an outbound connection, the IP addresses in the internal network are translated into global addresses. "

eg. nat (inside) 1

Hope that helps.


CreatePlease to create content