05-12-2007 02:49 PM - edited 03-11-2019 03:13 AM
Hi There,
If I did the following configuration:
static (inside,dmz) 10.1.1.255 10.1.1.255 net 255.255.255.255
Where 10.1.1.0/24 is my inside network and I configured an access-list allowing all the traffic from the DMZ to the inside network. Will the ASA pass traffic destined to the broadcast IP?
Regards,
Haitham
05-12-2007 03:17 PM
Starting with PIX 5.2, the firewall no longer uses network addresses or broadcast addresses in static and global command statements when creating NAT xlate translations. Broadcast addresses are those addresses with the bit pattern of all ones, when the network mask is applied. Network addresses are those addresses with the bit pattern of all zeros, when the network mask is applied.
For example:
global 1 10.1.0.0-10.1.255.255 netmask 255.255.255.0.
With this command, the network addresses 10.1.0.0, 10.1.1.0, 10.1.2.0, and so forth through 10.1.255.0, are excluded. In addition, the broadcast addresses 10.1.0.255, 10.1.1.255, 10.1.2.255, and so forth through 10.1.255.255, are excluded.
Please rate if you are satisfied.
Cheers!
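The exclusion rule described in the reply above, as an added example that is not part of the original thread: a Python sketch that lists which addresses in a `global` range have all-zeros or all-ones host bits under the statement's netmask, which is useful when auditing NAT pools for addresses that will never be translated. It models only the rule as stated in the post, not actual PIX/ASA behaviour, and the function names are hypothetical.

```python
import ipaddress


def _block_size(netmask):
    # Number of addresses per subnet for a dotted netmask (validates the mask too).
    return ipaddress.IPv4Network(f"0.0.0.0/{netmask}").num_addresses


def classify(addr, netmask):
    """Return 'network', 'broadcast' or 'host' for addr under netmask."""
    if _block_size(netmask) < 4:
        # Assumption: the post's rule is not defined for /31 and /32 masks,
        # so report that instead of guessing.
        return "no-host-bits"
    net = ipaddress.IPv4Network(f"{addr}/{netmask}", strict=False)
    ip = ipaddress.IPv4Address(addr)
    if ip == net.network_address:
        return "network"      # host bits all zeros
    if ip == net.broadcast_address:
        return "broadcast"    # host bits all ones
    return "host"


def excluded_in_range(start, end, netmask):
    """List (address, kind) pairs in start..end that the rule excludes."""
    size = _block_size(netmask)
    if size < 4:
        raise ValueError("mask leaves fewer than two host bits")
    lo = int(ipaddress.IPv4Address(start))
    hi = int(ipaddress.IPv4Address(end))
    excluded = []
    base = lo - lo % size  # first subnet boundary at or below the range start
    while base <= hi:
        for cand, kind in ((base, "network"), (base + size - 1, "broadcast")):
            if lo <= cand <= hi:
                excluded.append((str(ipaddress.IPv4Address(cand)), kind))
        base += size
    return excluded


if __name__ == "__main__":
    # Range and mask taken from the example in the reply.
    hits = excluded_in_range("10.1.0.0", "10.1.255.255", "255.255.255.0")
    print(len(hits), "addresses excluded; first:", hits[0], "last:", hits[-1])
    # The address from the original question, judged against the /24 inside network.
    print("10.1.1.255 ->", classify("10.1.1.255", "255.255.255.0"))
```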
05-12-2007 05:31 PM
Hi,
Ok very good, now if you explicitly put the broadcast IP in a NAT rule like the example in my previous post will the PIX still ignore it?
Regards,
Haitham
05-12-2007 05:41 PM
Yes