Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Static Non-Translation

Can anyone point me to the right place to read more about this? I can't seem to get any better documentation on this.

static (inside,dmz) 192.168.1.2 192.168.1.2 netmask 255.255.0.0 0 0

static (inside,outside) 192.168.1.4192.168.1.4netmask 255.255.0.0 0 0

What does such static statment means?

Translate 192.168.1.2 on the dmz to 192.168.1.2 on the inside.

What does this accomplish? Is there a way to avoid this completely?

1 REPLY
rj
New Member

Re: Static Non-Translation

Hello,

It looks like the statements are setup to do what is called Identity NAT in v6.3. I have included a link from v6.1 which is a little more descriptive. It is basically allowing you to access resources from a higher security interface on a lower security network without performing NAT. Usually statics are used for the opposite access (lower to higher).

This would be useful if you want to have the inside IP address appear as its original address when accessing DMZ resources.

One thing with your example is the netmask statements should be 255.255.255.255. It would contain a network mask if a network range was specified.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/s.htm#1026888

RJ

76
Views
0
Helpful
1
Replies