11-25-2013 03:09 PM - edited 03-11-2019 08:09 PM
Hello,
I inherited a number of ASAs from a former engineer and I am trying to understand some of the configs currently on those ASAs. Can someone help translate this Static NAT statement: static (inside, pub_hosts) 10.254.1.200 10.254.1.200 netmask 255.255.255.255?
Int VLAN1
nameif inside
security-level 100
ip address 10.254.1.253 255.255.255.0
Int VALN3
nameif pub_hosts
security-level 40
ip address 10.253.1.254 255.255.255.0
Much appreciated.
Best, ~sK
Solved! Go to Solution.
11-25-2013 03:52 PM
static (inside, pub_hosts) 10.254.1.200 10.254.1.200 netmask 255.255.255.255?
means present the host 10.254.1.200 as the same IP to devices on the pub_hosts subnet. A static like this means that a connection can be initiated from the inside 10.254.1.200 host to devices on the pub_hosts and that a connection can be initiated from a pub_host device to the inside host 10.254.1.200.
In the example above if a pub_hosts device did initiate the connection you would need an acl allowing the traffic due to the pub_hosts interface having a lower security level (40) than the inside interface (100).
Jon
11-25-2013 03:52 PM
static (inside, pub_hosts) 10.254.1.200 10.254.1.200 netmask 255.255.255.255?
means present the host 10.254.1.200 as the same IP to devices on the pub_hosts subnet. A static like this means that a connection can be initiated from the inside 10.254.1.200 host to devices on the pub_hosts and that a connection can be initiated from a pub_host device to the inside host 10.254.1.200.
In the example above if a pub_hosts device did initiate the connection you would need an acl allowing the traffic due to the pub_hosts interface having a lower security level (40) than the inside interface (100).
Jon
12-09-2013 01:54 PM
Thanks, Jon!
That was helpful.
Best, ~sK
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide