Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

static ?

I have several public IP addresses that are assigned to our dial-up accounts. They need to access several services on different servers. I am not using NAT and have it turned off with ACL's made. My questions is when i use the static command, can i just use the subnet of the dial-up accounts and map it to the inside subnet or do i have to map it to each individual server. EX:

inside server 192.x.x.5 inside PIX:192.x.x.1 Outside dial-ups:208.x.x.0 and

206.x.x.0

static (inside, outside) 208.x.x.0 192.x.x.0 255.255.255.0 or

static (inside, outside) 208.x.x.0 192.x.x.1 255.255.255.0

Any help would be great.

thanks

mike

2 REPLIES
Silver

Re: static ?

Mike,

Yes, you can use the static command for static translation for complete subnets. The subnetmask within the subnetmask together with the IP address used in the static command defines the subnet which will be static translated.

So, you could use:

static (inside, outside) 208.x.x.0 192.x.x.0 netmask 255.255.255.0

if you want to translate the whole subnet 108.x.x.0 to 192.x.x.0 (24 bits mask)

or you could use:

static (inside, outside) 208.x.x.1 192.x.x.1 netmask 255.255.255.255 (host only)

if you want to translate just one server.

But I'm not sure this is what you mean, cause it's not totally clear to me what you want to achieve. So, please provide us with more detailed information if more help is needed.

Best Regards,

Leo

New Member

Re: static ?

I ended up not using the static command. I had acl built to allow the addresses needed and then turned off nat. I was told since i have this i wont need the static command because the acl's will come before the static command. thanks for your help.

mike

101
Views
0
Helpful
2
Replies
CreatePlease login to create content