Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Unclear on destination NAT

I fully understand the alias command, and I have been using it. However I want to use PDM and the alias command is not supported. I've read the document on Destination NAT but I'm still not sure how to convert my alias statments to static statements.

I have a web server on the dmz that I want to be accessed from the inside as it's global IP address (it's actual address is

My alias statement looks like this:

alias (inside) 216.170.X.X

This works fine (although it is annoying that once this statement is in place, I can *ONLY* access it via its global IP and NOT able to access it via its address as I can when the alias statement is not in place)

Can anyone help me understand how to accomplish the same thing with destination NAT static statement since alias command is being retired??


New Member

Re: Unclear on destination NAT

Hello there,

The static statement that would replace your alias statement is as follows:

static (intf2, inside) 216.170.x.x netmask

This says, hide the host on the dmz from the inside using the global address 216.170.x.x.

So if you have a clear xlate and initiate a connection the dmz host from the inside, you should see a translation built from the inside host going to the dmz, even if it is using it's own address. The you should see a translation for the dmz host from the global to the dmz real address. Once both translations get built, the connection will be built as an outbound conection.

Hope this helps,


New Member

Re: Unclear on destination NAT

Dear Marcus,

I don't understand your static command because Cisco Configurtion Documentation says that the first parameter in the static statement must be a high security level interface. The second parameter a low security level interface.