Static NAT
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-17-2007 11:49 PM - edited 03-11-2019 03:31 AM
When configuring static nat (inside, outside) shouldn't the subnet address usedin the static (inside, outside) command be in the same subnet as the inside or outside interface IP address. One of my customer is saying it doesn't have to be.
- Labels:
-
NGFW Firewalls
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-18-2007 12:55 AM
Hi,
1.You use static alongwith access-list for mapping the Hosts which you want to make available to public/partner.
2.It makes sense using the same subnet address as of Outside interface for mapped/global static address.
I have not seen anybody implementing out of this scope,neither i have read it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-18-2007 02:14 AM
Problem is attached:
After puting the following command customer is seeing ARP Storm.
static (inside,outside) 10.7.0.0 10.7.0.0 netmask 255.255.248.0 0 0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-18-2007 04:32 AM
Hi Pal,
Find below the syntax of static command.
static (real_interface,mapped_interface) {mapped_address | interface} real_address [netmask mask]
Here
real_interface = inside
mapped_interface = outside
mapped_address = 10.254.254.0
real_address = 10.7.0.0
netmask = 255.255.248.0
it becomes
static (inside,outside) 10.254.254.0 10.7.0.0 netmask 255.255.248.0 0 0
Modify your access-list to allow access to 10.254.254.0 as destination.
Hope this is Helpdul
