Solved: Static vs. NONAT

merryllem · ‎02-03-2010

What is the functional difference between the two for the following scenrio

static (inside,dmz) 1.1.1.1 1.1.1.1 netmask 255.255.255.255

vs

nat (inside) 0 1.1.1.1 255.255.255.255

Those accomplish the same thing. Is there something I'm missing?

Kureli Sankar · ‎02-03-2010

static (inside,dmz) 1.1.1.1 1.1.1.1 netmask 255.255.255.255

This is only between inside and dmz

This is bi-directional meaning, in addition to the hosts on the inside, hosts in the DMZ can initiate traffic also provided ACLs allow.

This is called identity static

vs

nat (inside) 0 1.1.1.1 255.255.255.255

This can only be sourced from the inside interface going anywhere. This is called nat exemption.

-KS

Collin Clark · ‎02-03-2010

Technically speaking the NAT statement actually does NAT. Granted it NATs to its own address, but it does NAT. With NAT0 is does not NAT at all.

Hope that helps.

Please let Cisco know that these forums are valuable to you!
https://supportforums.cisco.com/docs/DOC-6212

Kureli Sankar · ‎02-03-2010

static (inside,dmz) 1.1.1.1 1.1.1.1 netmask 255.255.255.255

This is only between inside and dmz

This is bi-directional meaning, in addition to the hosts on the inside, hosts in the DMZ can initiate traffic also provided ACLs allow.

This is called identity static

vs

nat (inside) 0 1.1.1.1 255.255.255.255

This can only be sourced from the inside interface going anywhere. This is called nat exemption.

-KS