Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
235
Views
0
Helpful
1
Replies

Help with static command

ewieczorek
Level 1
Level 1

‎09-15-2002 07:14 AM - edited ‎03-09-2019 12:18 AM

I want to allow all my internal clients the ability to successfully ping anything out on the internet.

I understand the access-list / access-group needed for this. Here is what I have...

access-list 101 permit icmp any host 200.1.1.5 echo-reply

access-list 101 permit icmp any host 200.1.1.5 source-quench

access-list 101 permit icmp any host 200.1.1.5 unreachable

access-list 101 permit icmp any host 200.1.1.5 time-exceeded

access-group 101 in interface outside

What would my static command look like??

Thank you.

Labels:
0 Helpful
1 Reply 1

steve.barlow
Level 7
Level 7

‎09-15-2002 09:25 AM

You don't need a static unless the outside (lower security interface) is accessing the inside (higher security interface). In your case your access-list is all you need as statics map local IP address to a global IP address, and you don't need to do that.

You will need a global command that will be the IP that your private IPs will get NAT'ed/PAT'ed into. From your post you will be using PAT.

eg global (outside) 1 200.1.1.5 netmask 255.255.255.224

You also need a nat command that states who will get translated from your private IP into your gloabl IP. From cisco "The nat command lets you enable or disable address translation for one or more internal addresses. Address translation means that when a host starts an outbound connection, the IP addresses in the internal network are translated into global addresses. "

eg. nat (inside) 1 10.0.0.0 255.0.0.0

Hope that helps.

Steve

0 Helpful
Customers Also Viewed These Support Documents