Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Question on static NAT command

Dear Mr. Expert,

If I have a static NAT command below :

static (gprs,outside) 64.124.233.10 192.168.4.5 netmask 255.255.255.255 0 0

Can I say that Internet users can access 192.168.4.5 (a private DNS server) via the global IP address of 64.124.233.10, right ? Also, can I say that (assuming there is not any other ACL constraints), 192.168.4.5 can also access Internet resources via 64.124.233.10.

According to my observation, by having the single static command above, an Internet DNS server can ping to 192.168.4.5 while 192.168.4.5 can also ping to this Internet DNS server ?

However, for both "NAT" and "global" commands, it only allow internal private IP address to go outside but not the other way around, right ?

Please help confirm my understanding on the NATting on PIX firewall. Thanks !

1 REPLY
Community Member

Re: Question on static NAT command

Yes you're right.

Static works both ways but nat/global only works from higher security to lower security interfaces.

regs Lars

83
Views
0
Helpful
1
Replies
CreatePlease to create content