https://community.cisco.com/t5/network-security/small-confusion-on-static-nat/m-p/1671247#M536151 <HTML><HEAD></HEAD><BODY><P>Your Welcome <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P></BODY></HTML> Wed, 13 Jul 2011 08:35:00 GMT varrao 2011-07-13T08:35:00Z https://community.cisco.com/t5/network-security/small-confusion-on-static-nat/m-p/1671242#M536146 <P>Hello</P><P></P><P>Inside Network - 192.168.100.0</P><P>DMZ Network&nbsp; - 192.168.200.0</P><P></P><P><SPAN style="color: #333333;">static (inside,dmz) 192.168.100.1&nbsp; access-list inside-dmz-static-nat</SPAN></P><P><SPAN style="color: #333333;">access-list inside_dmz_static_nat extended permit ip host 192.168.100.1 any </SPAN></P><P></P><P>This actually works. But my question is </P><P></P><P>isnt the actual way of doing the same above to be </P><P></P><P><EM>static (dmz,inside) inside_ip access-list inside_to_dmz_static_nat</EM></P><P><EM>access-list inside_dmz_static_nat extended permit ip 192.168.100.1 any</EM></P><P><EM> </EM></P><P>Thanks</P> Mon, 11 Mar 2019 20:58:22 GMT https://community.cisco.com/t5/network-security/small-confusion-on-static-nat/m-p/1671242#M536146 sidcracker 2019-03-11T20:58:22Z https://community.cisco.com/t5/network-security/small-confusion-on-static-nat/m-p/1671243#M536147 <HTML><HEAD></HEAD><BODY><P>Hi Sid,</P><P></P><P>The nats:</P><P>static (inside,dmz) 192.168.100.1&nbsp; access-list inside-dmz-static-nat</P><P>access-list inside_dmz_static_nat extended permit ip host 192.168.100.1 any </P><P></P><P>and </P><P></P><P>static (inside,dmz) 192.168.100.1 192.168.100.1 </P><P></P><P>are equivalent.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Wed, 13 Jul 2011 07:43:58 GMT https://community.cisco.com/t5/network-security/small-confusion-on-static-nat/m-p/1671243#M536147 varrao 2011-07-13T07:43:58Z https://community.cisco.com/t5/network-security/small-confusion-on-static-nat/m-p/1671244#M536148 <HTML><HEAD></HEAD><BODY><P> Hello Varun, </P><P></P><P>So basically we are doing a nat exempt here. Can you confirm this?</P><P></P><P>Thanks</P></BODY></HTML> Wed, 13 Jul 2011 07:57:09 GMT https://community.cisco.com/t5/network-security/small-confusion-on-static-nat/m-p/1671244#M536148 sidcracker 2011-07-13T07:57:09Z https://community.cisco.com/t5/network-security/small-confusion-on-static-nat/m-p/1671245#M536149 <HTML><HEAD></HEAD><BODY><P>Yes, this is called Identity nat.. In NAT exemt, if you are going from a particualr source to a particular destination, you don't want the traffic to be natted, it should be exempted, in this if someone wants to access the server 192.168.100.1, they woudl do it on its own real ip address. Logically they are same. both the nats are a part of Identity Nat. One is called nat-exempt and the other is called self-static identity nat.</P><P></P><P>The difference comes in, the ASA would create an xlate for self-static nat, but there would not be any xlate for nat-exempt.</P><P></P><P>Hope I was able to clear out your doubts.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Wed, 13 Jul 2011 08:12:59 GMT https://community.cisco.com/t5/network-security/small-confusion-on-static-nat/m-p/1671245#M536149 varrao 2011-07-13T08:12:59Z https://community.cisco.com/t5/network-security/small-confusion-on-static-nat/m-p/1671246#M536150 <HTML><HEAD></HEAD><BODY><P> Thanks Varun <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P></BODY></HTML> Wed, 13 Jul 2011 08:31:28 GMT https://community.cisco.com/t5/network-security/small-confusion-on-static-nat/m-p/1671246#M536150 sidcracker 2011-07-13T08:31:28Z https://community.cisco.com/t5/network-security/small-confusion-on-static-nat/m-p/1671247#M536151 <HTML><HEAD></HEAD><BODY><P>Your Welcome <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P></BODY></HTML> Wed, 13 Jul 2011 08:35:00 GMT https://community.cisco.com/t5/network-security/small-confusion-on-static-nat/m-p/1671247#M536151 varrao 2011-07-13T08:35:00Z