cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
557
Views
0
Helpful
1
Replies

Do I need static if I am not using nat on pix 6.2??

vikrantarora
Level 1
Level 1

I have pix 6.2 and I am not using nat for address translation, all i have nat for is :

nat (inside) 0 access-list 200

nat (inside) 0 0.0.0.0 0.0.0.0 0 0

nat (dmz:2) 0 0.0.0.0 0.0.0.0 0 0

and then i have the following statics configured:

static (inside,outside) LotusSrv LotusSrv netmask 255.255.255.255 0 0

static (inside,outside) mail-81 mail-81 netmask 255.255.255.255 0 0

static (inside,outside) bookstore bookstore netmask 255.255.255.255 0 0

static (inside,dmz:2) 204.142.81.0 204.142.81.0 netmask 255.255.255.0 0 0

static (dmz:2,outside) venus venus netmask 255.255.255.255 0 0

and a lot more...but not for all the hosts...

Obviuosly , I dont have any global command.

I just want to know that what purpose are these static commands serving, can i remove them and how do i decide that for which hosts do i need to configure static?

1 Accepted Solution

Accepted Solutions

mostiguy
Level 6
Level 6

Statics expose ip addresses of high security interfaces for lower security ints. Once created, you can then use conduits or access lists to allow access from low ints to high sec. ints. So yes, you need to keep all of those if they are offering services to the outside world.

Matt

View solution in original post

1 Reply 1

mostiguy
Level 6
Level 6

Statics expose ip addresses of high security interfaces for lower security ints. Once created, you can then use conduits or access lists to allow access from low ints to high sec. ints. So yes, you need to keep all of those if they are offering services to the outside world.

Matt

Review Cisco Networking for a $25 gift card