Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
767
Views
0
Helpful
4
Replies

Reg: Nat using Statics

Go to solution
kuldeep.kaur
Level 1
Level 1

‎05-15-2011 04:48 PM - edited ‎03-11-2019 01:33 PM

Hi Guys,

I would like to nat using the static command and I would like to nat 10.180.1.0/24. Will the command syntax will be look like this

static (inside,testdmz) 10.180.1.0 10.180.1.0 netmask 255.255.255.0

Is the above correct ?

Tks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee
In response to kuldeep.kaur

‎05-16-2011 09:20 PM

Kuldeep,

Is actually the netmask which tells you if you are translating one host or an entire network:

static (inside,test_DMZ) 192.168.1.0 192.168.1.0 mask 255.255.255.0.

That would translate the subnet

static (inside,test_DMZ) 192.168.1.10 192.168.1.10 mask 255.255.255.255

That would self translate just the host .10, look at the mask.

Also, something to take in consideration, you will need to take the one that covers the subnet if you already added it, so the single self translation ones take effect.

Hope this helps.

Mike

Mike

View solution in original post

0 Helpful
4 Replies 4

Go to solution
varrao
Level 10
Level 10

‎05-15-2011 08:44 PM

Hi Kuldeep,

Yes the Nat is correct, if you are trying to nat the host in the network to their own IP's. This is called self-nat.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
Parminder Sian
Level 1
Level 1

‎05-16-2011 02:00 AM

Hi,


Please have a look at these two doc, might be helpful:-


PIX/ASA 7.x and FWSM: NAT and PAT Statements

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml


PIX/ASA 7.x : Port Redirection(Forwarding) with nat, global, static and access-list Commands

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml


Regards,

Parminder Sian

0 Helpful

Go to solution
kuldeep.kaur
Level 1
Level 1
In response to Parminder Sian

‎05-16-2011 09:02 PM

Hi Guys,

Thanks for the help. I am still a bit confused. Yes I am trying to do self-nat. What I am trying to do (not sure whether possible or not) is:

Say i have ten host on inside from 192.168.1.1 - 192.168.1.10 and they need access to DMZ which also has couple of hosts. Can I do self nat with just one entry

static (inside,test_DMZ) 192.168.1.0 192.168.1.0 mask 255.255.255.0.

With the above statement thw whole subnet range 192.168.1.0/24 is self natted. Am i right ?

Also what is the first ip in the above line means 192.168.1.0 (one host or whole subnet or starting range).

Thank you very much guys.

0 Helpful

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee
In response to kuldeep.kaur

‎05-16-2011 09:20 PM

Kuldeep,

Is actually the netmask which tells you if you are translating one host or an entire network:

static (inside,test_DMZ) 192.168.1.0 192.168.1.0 mask 255.255.255.0.

That would translate the subnet

static (inside,test_DMZ) 192.168.1.10 192.168.1.10 mask 255.255.255.255

That would self translate just the host .10, look at the mask.

Also, something to take in consideration, you will need to take the one that covers the subnet if you already added it, so the single self translation ones take effect.

Hope this helps.

Mike

Mike
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card