https://community.cisco.com/t5/network-security/asa-static-nat-g/m-p/2357806#M308282 <HTML><HEAD></HEAD><BODY><P><EM>static (inside, pub_hosts) 10.254.1.200 10.254.1.200 netmask 255.255.255.255?</EM></P><P></P><P>means present the host 10.254.1.200 as the same IP to devices on the pub_hosts subnet. A static like this means that a connection can be initiated from the inside 10.254.1.200 host to devices on the pub_hosts and that a connection can be initiated from a pub_host device to the inside host 10.254.1.200.&nbsp; </P><P></P><P>In the example above if a pub_hosts device did initiate the connection you would need an acl allowing the traffic due to the pub_hosts interface having a lower security level (40) than the inside interface (100). </P><P></P><P>Jon</P></BODY></HTML> Mon, 25 Nov 2013 23:52:21 GMT Jon Marshall 2013-11-25T23:52:21Z https://community.cisco.com/t5/network-security/asa-static-nat-g/m-p/2357805#M308281 <P>Hello, </P><P></P><P>I inherited a number of ASAs from a former engineer and I am trying to understand some of the configs currently on those ASAs. Can someone help translate this Static NAT statement: static (inside, pub_hosts) 10.254.1.200 10.254.1.200 netmask 255.255.255.255? </P><P></P><P>Int VLAN1</P><P>nameif inside </P><P>security-level 100</P><P>ip address 10.254.1.253 255.255.255.0</P><P></P><P>Int VALN3 </P><P>nameif pub_hosts</P><P>security-level 40</P><P>ip address 10.253.1.254 255.255.255.0</P><P></P><P>Much appreciated. </P><P></P><P>Best, ~sK </P> Tue, 12 Mar 2019 03:09:27 GMT https://community.cisco.com/t5/network-security/asa-static-nat-g/m-p/2357805#M308281 sadik.bash 2019-03-12T03:09:27Z https://community.cisco.com/t5/network-security/asa-static-nat-g/m-p/2357806#M308282 <HTML><HEAD></HEAD><BODY><P><EM>static (inside, pub_hosts) 10.254.1.200 10.254.1.200 netmask 255.255.255.255?</EM></P><P></P><P>means present the host 10.254.1.200 as the same IP to devices on the pub_hosts subnet. A static like this means that a connection can be initiated from the inside 10.254.1.200 host to devices on the pub_hosts and that a connection can be initiated from a pub_host device to the inside host 10.254.1.200.&nbsp; </P><P></P><P>In the example above if a pub_hosts device did initiate the connection you would need an acl allowing the traffic due to the pub_hosts interface having a lower security level (40) than the inside interface (100). </P><P></P><P>Jon</P></BODY></HTML> Mon, 25 Nov 2013 23:52:21 GMT https://community.cisco.com/t5/network-security/asa-static-nat-g/m-p/2357806#M308282 Jon Marshall 2013-11-25T23:52:21Z https://community.cisco.com/t5/network-security/asa-static-nat-g/m-p/2357807#M308283 <HTML><HEAD></HEAD><BODY><P>Thanks, Jon! </P><P></P><P>That was helpful. </P><P></P><P>Best, ~sK </P></BODY></HTML> Mon, 09 Dec 2013 21:54:52 GMT https://community.cisco.com/t5/network-security/asa-static-nat-g/m-p/2357807#M308283 sadik.bash 2013-12-09T21:54:52Z