10-26-2004 12:15 AM - edited 03-09-2019 09:13 AM
I'm reading an articel at
and I'm confused because below statment:
static (inside,outside) 192.168.128.3 10.1.1.3 netmask 255.255.255.255 0 0
The explaination for this statement is this:
"Create an inbound access address on the outside of the intranet on the 192.168.128.0 network so that the 10.1.1.3 server on PIX Firewall 1 is accessible from that network."
Can someone please confirm if this statement is correct? Thanks.
10-26-2004 04:36 AM
The statement is correct, though I understand your confusion.
static (inside,outside)
the other way around is also OK:
static (outside,inside)
Best way to see this is:
If the recieving host is on the inside, use the first command (publish the host on the outside). If the recieving host is on the outside use the latter command (publish the host on the inside).
It doesn't really matter though, which one you use. But do not mix them unless you are an expert.
10-26-2004 04:37 AM
Hi,
Yes the statement is correct, the static translation is allowing 192.168.128.3 (outside address/public) to access IP 10.1.1.3 (Inside address/private). As an example if I wanted to allow SMTP traffic to a inside mail server I would do the following:
1. Create an ACL for my outside interface to allow the public IP to access my network on port 25 (smtp)
> access-list smtp permit tcp any host 192.168.128.3 eq smtp
2. Now I need to map or statically translate that public IP address to my private IP (10.1.1.3) for port 25 (mail server)
> static (inside,outside) tcp 192.168.128.3 smtp 10.1.1.3 smtp netmask 255.255.255.255 0 0
I hope this helps.
Jay
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide