static nat and tcp limits

valsidalv
Beginner

Hello,

I'm using Cisco Pix 515E, 8.0(3).

I have two networks - inside and dmz. Inside has sec. level 100, dmz 50. To communicate hosts from inside to dmz I made

static (inside,dmz) 172.16.0.0 172.16.0.0 netmask 255.255.0.0 tcp 0 10.

I think that Pix during NAT vindicate NAT-ed IP address on destination interface, so I had on these segments two devices with the same IP address.

Is it true? What is the best solution; disable nat-control and then disable static record?

Many thanks,

Vladislav

2 Replies

abinjola
Cisco Employee

I am not sure what you mean by "I think that Pix during NAT vindicate NAT-ed IP address on destination interface, "

This is a self static rule that you have in place... it will make sure the source is always preserved when you go from inside to dmz.

Hello,

I mean, when the embryonic connection threshold is reached, the pix acts as a proxy and responds with syn-ack.

So when I make static identity NAT, I'm not sure if I will have two of the same IP address. One - the physical server, two - from which the pix responds (after threshold). Because I make NAT, where inside IP addresses are present on the dmz side.

Vladislav
