Static NAT

astanislaus · ‎06-17-2007

When configuring static nat (inside, outside) shouldn't the subnet address usedin the static (inside, outside) command be in the same subnet as the inside or outside interface IP address. One of my customer is saying it doesn't have to be.

satish_zanjurne · ‎06-18-2007

Hi,

1.You use static alongwith access-list for mapping the Hosts which you want to make available to public/partner.

2.It makes sense using the same subnet address as of Outside interface for mapped/global static address.

I have not seen anybody implementing out of this scope,neither i have read it.

astanislaus · ‎06-18-2007

Problem is attached:

After puting the following command customer is seeing ARP Storm.

static (inside,outside) 10.7.0.0 10.7.0.0 netmask 255.255.248.0 0 0

satish_zanjurne · ‎06-18-2007

Hi Pal,

Find below the syntax of static command.

static (real_interface,mapped_interface) {mapped_address | interface} real_address [netmask mask]

Here

real_interface = inside

mapped_interface = outside

mapped_address = 10.254.254.0

real_address = 10.7.0.0

netmask = 255.255.248.0

it becomes

static (inside,outside) 10.254.254.0 10.7.0.0 netmask 255.255.248.0 0 0

Modify your access-list to allow access to 10.254.254.0 as destination.

Hope this is Helpdul