Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
591
Views
5
Helpful
5
Replies

Multiple PIX Statics

marcus.nutting
Level 1
Level 1

‎02-15-2005 04:48 AM - edited ‎02-20-2020 11:57 PM

Hi all,

Does the PIX 'static' command use a shortest-match-first rule, in a similar way to route table lookups?

For example is this a valid configurattion for two-way static:

----------------SNIP-------------------

static (DMZ,outside) 10.11.1.0 10.11.1.0 netmask 255.255.255.0 0 0

static (inside,outside) 10.11.0.0 10.11.0.0 netmask 255.255.0.0 0 0

----------------SNIP-------------------

Where 10.11.1.0/24 is the DMZ network?

Thanks,

0 Helpful
5 Replies 5

sachin
Level 1
Level 1

‎02-15-2005 06:21 AM

With PIX version 6.2 , PIX doesnot go with best match rule like route table lookup, it does like which ever comes first So if u want to match a specific entry then put it above the less specific entry.As you have that entry in above example so all 10.11.1.0 will be matched first.

But suppose if you put like this --

static (inside,outside) 10.11.0.0 10.11.0.0 netmask 255.255.0.0 0 0

static (DMZ,outside) 10.11.1.0 10.11.1.0 netmask 255.255.255.0 0 0

Then it will get matched with first one always.

HTH.

Regards,

Sachin Jain

marcus.nutting
Level 1
Level 1
In response to sachin

‎02-15-2005 07:42 AM

Hi thanks for the reply,

Is that the same for FWSM 2.3(1)?

Also, how do I insert statics above existing statics in a production config?

I don't want to rremove the existing line:

---------------

static (inside,outside) 10.11.0.0 10.11.0.0 netmask 255.255.0.0 0 0

---------------

Regards,

0 Helpful

scoclayton
Level 7
Level 7
In response to marcus.nutting

‎02-15-2005 07:59 AM

Yes, the same rule applies to both PIX software as well as FWSM software. First match in the list wins with static statements.

Unfortunately, there is no way to add static statements higher in the list without re-applying them in the order you want. The existing translations are not cleared by removing the statics statements. You would need to issue a 'clear xlate' to clear the existing translations.

Scott

0 Helpful

scoclayton
Level 7
Level 7
In response to marcus.nutting

‎02-15-2005 08:00 AM

Yes, the same rule applies to both PIX software as well as FWSM software. First match in the list wins with static statements.

Unfortunately, there is no way to add static statements higher in the list without re-applying them in the order you want. The existing translations are not cleared by removing the statics statements. You would need to issue a 'clear xlate' to clear the existing translations.

Scott

0 Helpful

sachin
Level 1
Level 1
In response to scoclayton

‎02-16-2005 12:53 AM

Please give ratings It will help others also.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card