Cisco Support Community

New Member

Question on NAT command - static

Dear Administrator,

As usual, I would like to seek your enlightenment on a question related to NAT.

Fact: = DiGi GPRS DNS1 server (Primary) = DiGi GPRS DNS2 server (Secondary)

Current Setup:

Now, we have the following so that external parties can initiate DNS queries to the above 2 GPRS DNS servers -->

static (gprs,outside) netmask 0 0 (NAT for primary DNS server: DNS1)

static (gprs,outside) netmask 0 0 (NAT for secondary DNS server: DNS2)

However, we had not defined any "NAT" command translation rules so that the 192.168.4.x hosts can start an outbound connection (i.e. DNS query) to the external parties. This is because I thought that we need to use the "NAT" command so that, only then, the internal 192.168.4.x hosts need to be translated to global addresses (64.124.233.x) before they can initiate DNS queries to the external party.

However, according to my observation, the current 192.168.4.x hosts can PING to the outside world, as the PING results to Aicent's DNS servers and other GPRS roaming partners' DNS servers are successful.

Why? Is there something wrong with my understanding in using the "static" or "NAT" command? Please help enlighten me on this. Thanks! :-)

Cisco Employee

Re: Question on NAT command - static

The static command would allow connections initiated from inside to outside also. In fact it has precedence over the nat statement for outbound connections.

If you need to deny connections outbound, define an ACL and apply to inside interface inbound.

Hope this helps.
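The restriction suggested in the reply above, sketched for this setup as an added example that is not part of the original thread. It assumes PIX-style syntax, that the higher-security interface is the one named gprs in the static statements, and a hypothetical ACL name; the real DNS server addresses are not shown on the page, so they appear as placeholders.

```cisco
! Added example, not from the original posts.
! <DNS1_REAL_IP> and <DNS2_REAL_IP> are placeholders for the real
! 192.168.4.x addresses of DNS1 and DNS2; gprs_dns_only is a
! hypothetical ACL name.

! Allow only DNS (UDP and TCP port 53) outbound from the two
! statically translated servers.
access-list gprs_dns_only permit udp host <DNS1_REAL_IP> any eq domain
access-list gprs_dns_only permit tcp host <DNS1_REAL_IP> any eq domain
access-list gprs_dns_only permit udp host <DNS2_REAL_IP> any eq domain
access-list gprs_dns_only permit tcp host <DNS2_REAL_IP> any eq domain

! Everything else sourced from the gprs side is dropped. The deny is
! implicit at the end of any ACL; writing it out makes hit counts
! visible in "show access-list".
access-list gprs_dns_only deny ip any any

! Bind the ACL to traffic entering the firewall on the gprs interface.
! Once bound, it replaces the default "higher to lower security level
! is permitted" behaviour for that interface.
access-group gprs_dns_only in interface gprs
```

With this ACL in place the outbound PING described in the question no longer succeeds, because ICMP is not among the permitted protocols.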


New Member

Re: Question on NAT command - static

Thank you ! You are the man ! :-)

Cisco Employee

Re: Question on NAT command - static

Thanks, but in this case "the woman"!!!!