cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
935
Views
10
Helpful
6
Replies

PIX Static Translation

b.joanis
Level 1
Level 1

Just a quick question I though I would put out on the table. I have a Pix 515, with a total of four DMZ's. I had to configure STATic mappings across DMZ's for certian servers. Here is my question. There are three types of Static Translations:

Note High and low refer to security levels.

1. static (high,low)low high

2. static (high,low) high high

3. ????

What is the third static confgiuration and what would it be used for.

Thanks in advance

1 Accepted Solution
6 Replies 6

nkhawaja
Cisco Employee
Cisco Employee

Hi,

3rd is

static (low,high) high low

this is called Destination NAT.

Thanks

Nadeem

Thanks

Nadeem, Can you elaborate on this? How and why would this destination NAT static be used? I have seen this in a config but couldn't figure what they were trying to accomplish.

Easy example here is a 3 interface PIX. Let's say you have a webserver on the DMZ interface of the PIX and you want your internal users to be able to access this server via the global address rather than the address configured locally on the box itself. This is fairly common when the DNS reply for the webserver name is a global address. So, in a case like this, you could solve this problem by entering:

static (dmz,inside) 2.2.2.2 10.1.1.1 netmask 255.255.255.255

In this case, the PIX would translate the DESTINATION address from 2.2.2.2 on the inside interface to 10.1.1.1 and place the packet on the DMZ interface. Does this help?

Scott

Gents,

Makes sense. This will come in handy with some of the web projects I have going on now. Any chance anyone can send a web link to Cisco's documentation on this static command.

Thanks,

Brian

Review Cisco Networking for a $25 gift card