Solved: Better to use static translations with or without port address?

John Blakley · ‎03-27-2009

I'm creating statics like:

static (dmz,outside) public dmz mask

I thought I would just open the ports in the acl, but I know I can do something like:

static (dmz,outside) public ip 80 dmz ip 80 netmask

Is this the "better" way of doing it, or does it really matter?

Thanks,

John

HTH, John *** Please rate all useful posts ***

Jon Marshall · ‎03-27-2009

John

Others may differ but i only use ports in the static statement when i am doing port forwarding ie. using the same public IP to forward to multiple private IP addresses on different ports.

Otherwise i just use a static and tie down the access with acl entries. NAT should not really be relied upon for security.

Jon

View solution in original post

Jon Marshall · ‎03-27-2009

John

Others may differ but i only use ports in the static statement when i am doing port forwarding ie. using the same public IP to forward to multiple private IP addresses on different ports.

Otherwise i just use a static and tie down the access with acl entries. NAT should not really be relied upon for security.

Jon

John Blakley · ‎03-27-2009

Okay, that's what I'm doing. I have a single public address that's forwarding on different ports to different hosts (some in dmz and some on the inside). I've had to use port translation on those.

Thanks Jon!

John

HTH, John *** Please rate all useful posts ***