Solved: Do I need static if I am not using nat on pix 6.2??

vikrantarora · ‎02-27-2003

I have pix 6.2 and I am not using nat for address translation, all i have nat for is :

nat (inside) 0 access-list 200

nat (inside) 0 0.0.0.0 0.0.0.0 0 0

nat (dmz:2) 0 0.0.0.0 0.0.0.0 0 0

and then i have the following statics configured:

static (inside,outside) LotusSrv LotusSrv netmask 255.255.255.255 0 0

static (inside,outside) mail-81 mail-81 netmask 255.255.255.255 0 0

static (inside,outside) bookstore bookstore netmask 255.255.255.255 0 0

static (inside,dmz:2) 204.142.81.0 204.142.81.0 netmask 255.255.255.0 0 0

static (dmz:2,outside) venus venus netmask 255.255.255.255 0 0

and a lot more...but not for all the hosts...

Obviuosly , I dont have any global command.

I just want to know that what purpose are these static commands serving, can i remove them and how do i decide that for which hosts do i need to configure static?

mostiguy · ‎02-27-2003

Statics expose ip addresses of high security interfaces for lower security ints. Once created, you can then use conduits or access lists to allow access from low ints to high sec. ints. So yes, you need to keep all of those if they are offering services to the outside world.

Matt

View solution in original post

mostiguy · ‎02-27-2003

Statics expose ip addresses of high security interfaces for lower security ints. Once created, you can then use conduits or access lists to allow access from low ints to high sec. ints. So yes, you need to keep all of those if they are offering services to the outside world.

Matt