Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
883
Views
0
Helpful
3
Replies

combining dynamic and static nat

Go to solution
lcaruso
Level 6
Level 6

‎07-26-2011 03:28 PM - edited ‎03-11-2019 02:03 PM

Hi,

Can someone please tell me what this statement does in combining dynamic and static nat in this manner? 

nat (outside,outside) source dynamic DM_INLINE_NETWORK interface destination static obj-a.b.c.d obj-a.b.c.d

Thanks.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
varrao
Level 10
Level 10

‎07-26-2011 08:12 PM

Hi Icaruso,

Let me give it a try , the statement:

nat (outside,outside) source dynamic DM_INLINE_NETWORK interface destination static obj-a.b.c.d obj-a.b.c.d

The purpose of this nat is u-turning the traffic on outside interface, if traffic from source

DM_INLINE_NETWORK going to the destination obj-a.b.c.d, should be dynamically patted to your outside interface.

In this Nat statement, the source is dynamically patted to outside interface and the destination is statically mapped to itself. If any traffic from DM_INLINE_NETWORK hits your outside interface, it would be u-turned and then patted to your outside interface, so the destination woudl see the packets coming from your outside IP.

Let me know if this helps, if you ahve any other queries, do post.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to lcaruso

‎07-27-2011 08:30 AM

Hi Icaruso,

Yes the DM_INLINE_NETWORK is an object which might include a whole network and why we are using source dynamic is because, for all the host in the object, the destination would see the request coming from the inside interface of your firewall, so that is the reason for it.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

0 Helpful
3 Replies 3

Go to solution
varrao
Level 10
Level 10

‎07-26-2011 08:12 PM

Hi Icaruso,

Let me give it a try , the statement:

nat (outside,outside) source dynamic DM_INLINE_NETWORK interface destination static obj-a.b.c.d obj-a.b.c.d

The purpose of this nat is u-turning the traffic on outside interface, if traffic from source

DM_INLINE_NETWORK going to the destination obj-a.b.c.d, should be dynamically patted to your outside interface.

In this Nat statement, the source is dynamically patted to outside interface and the destination is statically mapped to itself. If any traffic from DM_INLINE_NETWORK hits your outside interface, it would be u-turned and then patted to your outside interface, so the destination woudl see the packets coming from your outside IP.

Let me know if this helps, if you ahve any other queries, do post.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
lcaruso
Level 6
Level 6
In response to varrao

‎07-27-2011 08:18 AM

Hi Varun,

Thanks for your reply.

I guess I didn't understand the need for source dynamic.

Is that because DM_INLINE_NETWORK is actually an object with a list of several networks, so dynamic makes it possible to put all of them into one nat statement?

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to lcaruso

‎07-27-2011 08:30 AM

Hi Icaruso,

Yes the DM_INLINE_NETWORK is an object which might include a whole network and why we are using source dynamic is because, for all the host in the object, the destination would see the request coming from the inside interface of your firewall, so that is the reason for it.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card