Static overrules Nat?

I have two Pix 515s running Pix 5.3 configured for failover, and have one external interface (among six total) over which numerous inside hosts in various subnets connect via static commands. The external address range assigned via those commands is being changed to a new, smaller one. Hence I need to use PAT via nat and global commands. The issue is some of these inside devices (printers) need to retain their one-to-one static assignments while the rest need to use PAT. My question is: if I assign the subnets containing these inside hosts to nat statements, then use global statements to utilize PAT, will the static assignments overrule the nat statements so by simply leaving them in place for the printers, they will not be subject to the PAT assignment via the nat statement for their subnet?


Re: Static overrules Nat?


the static command will overrule the PAT/NAT statement if you specify the ports in the static command.

I am not sure if it will work if you use a static command without port information.

More info on this link:

You will have to use port redirection, but instead of specifying different ports for the public and the private address, use the same port two times.

For example:

static (inside,outside) tcp ftp ftp netmask 0 0

The shared address can be a unique address, a shared outbound PAT address, or shared with the external interface.

Kind Regards,


