03-30-2005 12:05 AM - edited 03-09-2019 10:47 AM
Pls anyone can explain about NAT 0 usage with example.
What does the below do exactly
static (inside, dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 0 0
03-30-2005 12:19 AM
Your example is not a NAT 0 - it's just a static translation between all the 10.1.10.0/24 subnet hosts from inside to dmz...
03-30-2005 12:51 AM
Hello,
Both commands are referred to as "Identity NAT".
The command:
static (inside, dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 0 0
allows inside hosts' ip addresses to appear on the dmz unchanged. And also allows hosts on the dmz to initiate connections to the inside if an access-list is configured, e.g (say dmz is 192.168.1.0):
access-list acl_dmz1 permit tcp 192.168.1.0 255.255.255.0 host 10.1.1.1
"nat 0" does the same thing. The difference is that hosts on the dmz will not be able to initiate connections to the inside, even with an access-list configured to allow such connections.
Reference:
nat 0 (Identity NAT)
HTH
Mustafa
03-30-2005 05:11 PM
actually there are two sorts of nat 0 .
identiy nat and exemption nat.
but the doc you have provided should be more than enough :)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide