https://community.cisco.com/t5/network-security/static-command-doubt/m-p/1448951#M659789 <HTML><HEAD></HEAD><BODY><P>Kureli beat me to it--please disregard <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></P><P></P><P></P><P></P><P></P><P>Hi Subodh,</P><P></P><P>In the scenario you describe, you will want to configure the first static statement (and the corresponding access rules):</P><P></P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote">static (inside,outside) 2.2.2.2 192.168.1.1</PRE><P></P><P>The second line you mentioned would only be used if you wanted to do what is called "outside NAT". With that line, users on the inside would see 2.2.2.2 as an internal IP address, 192.168.1.1.</P><P></P><P>Hope that helps.</P><P></P><P>-Mike</P></BODY></HTML> Tue, 10 Aug 2010 12:04:34 GMT mirober2 2010-08-10T12:04:34Z https://community.cisco.com/t5/network-security/static-command-doubt/m-p/1448949#M659738 <P>Hi,</P><P>If we have following static commends</P><P></P><P>static (inside,outside) 2.2.2.2&nbsp;&nbsp;&nbsp; 192.168.1.1&nbsp;&nbsp; (&nbsp; Public-routable-ip, private-ip)</P><P></P><P>OR</P><P></P><P>static (outside,inside)&nbsp; 192.168.1.1 2.2.2.2&nbsp; ( private-ip,public-routable-ip)</P><P></P><P>and corresponding permit access-list is configured.&nbsp; Will these commands will have the same effect.</P><P></P><P>As there is always one-to-one mapping. </P><P></P><P>When there is a packet with destination 2.2.2.2 arriving on outside interface&nbsp; then&nbsp; it's destination IP address will be replaced by 192.168.1.1 and</P><P>packet will be forwarded to that host from inside interface.</P><P></P><P>In second static</P><P></P><P>Now, if packet source is 192.168.1.1 and&nbsp; destination can be anything then while packet is exiting the outside interface then it's source ip address will</P><P>be over written by 2.2.2.2 and then packet is forwarded to outside world.</P><P></P><P>is this understanding correct?</P><P></P><P>Appreciate you help.</P><P>Thanks</P><P>Subodh</P> Mon, 11 Mar 2019 18:23:08 GMT https://community.cisco.com/t5/network-security/static-command-doubt/m-p/1448949#M659738 bapatsubodh 2019-03-11T18:23:08Z https://community.cisco.com/t5/network-security/static-command-doubt/m-p/1448950#M659765 <HTML><HEAD></HEAD><BODY><P>static (inside,outside) 2.2.2.2&nbsp;&nbsp;&nbsp; 192.168.1.1&nbsp;&nbsp; (&nbsp; Public-routable-ip, private-ip)</P><P></P><P>When there is a packet with destination 2.2.2.2 arriving on outside interface&nbsp; then&nbsp; it's destination IP address will be replaced by 192.168.1.1 and</P><P>packet will be forwarded to that host from inside interface.</P><P></P><P>Now, if packet source is 192.168.1.1 and&nbsp; destination can be anything then while packet is exiting the outside interface then it's source ip address will</P><P>be over written by 2.2.2.2 and then packet is forwarded to outside world.</P><P></P><P style="padding: 0px; min-height: 8pt; height: 8pt;">###############################################################</P><P></P><P>static (outside,inside)&nbsp; 192.168.1.1 2.2.2.2&nbsp; ( private-ip,public-routable-ip)</P><P></P><P></P><P>If the source of the packet is 2.2.2.2 its source will be changed to 192.168.1.1 when it enters the inside interface.</P><P></P><P>-KS</P></BODY></HTML> Tue, 10 Aug 2010 12:01:03 GMT https://community.cisco.com/t5/network-security/static-command-doubt/m-p/1448950#M659765 Kureli Sankar 2010-08-10T12:01:03Z https://community.cisco.com/t5/network-security/static-command-doubt/m-p/1448951#M659789 <HTML><HEAD></HEAD><BODY><P>Kureli beat me to it--please disregard <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></P><P></P><P></P><P></P><P></P><P>Hi Subodh,</P><P></P><P>In the scenario you describe, you will want to configure the first static statement (and the corresponding access rules):</P><P></P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote">static (inside,outside) 2.2.2.2 192.168.1.1</PRE><P></P><P>The second line you mentioned would only be used if you wanted to do what is called "outside NAT". With that line, users on the inside would see 2.2.2.2 as an internal IP address, 192.168.1.1.</P><P></P><P>Hope that helps.</P><P></P><P>-Mike</P></BODY></HTML> Tue, 10 Aug 2010 12:04:34 GMT https://community.cisco.com/t5/network-security/static-command-doubt/m-p/1448951#M659789 mirober2 2010-08-10T12:04:34Z