
NAT 0

arumugasamy
Level 1

Can anyone please explain NAT 0 usage with an example?

What exactly does the command below do?

static (inside, dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 0 0

3 Replies

paolob
Level 1

Your example is not a NAT 0 - it's just a static translation between all the 10.1.10.0/24 subnet hosts from inside to dmz...

mhussein
Level 4

Hello,

Both commands are referred to as "Identity NAT".

The command:

static (inside, dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 0 0

allows inside hosts' IP addresses to appear on the dmz unchanged. It also allows hosts on the dmz to initiate connections to the inside if an access-list is configured, e.g. (say dmz is 192.168.1.0):

access-list acl_dmz1 permit tcp 192.168.1.0 255.255.255.0 host 10.1.1.1

"nat 0" does the same thing. The difference is that hosts on the dmz will not be able to initiate connections to the inside, even with an access-list configured to allow such connections.

Reference:

nat 0 (Identity NAT)

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727ab.html#wp1032129

HTH

Mustafa

Actually, there are two sorts of nat 0.

Identity NAT and exemption NAT.

But the doc you have provided should be more than enough :)
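
The forms discussed in this thread, side by side, as an added example that is not part of any poster's reply or of Cisco's documentation. It uses PIX 6.x-style syntax like the commands above; the interface names, subnets and `acl_dmz1` come from the thread, while the ACL name `nonat` and the `access-group` binding are assumptions for illustration.

```cisco
! Added example. Use ONE of the options below for a given subnet,
! not all three together.

! Option A: static identity NAT (the command from the question).
! 10.1.1.0/24 appears on the dmz with its own addresses. dmz hosts
! can open connections to the inside, but only as far as the ACL
! applied to the dmz interface permits, so keep that ACL narrow.
static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 0 0
access-list acl_dmz1 permit tcp 192.168.1.0 255.255.255.0 host 10.1.1.1
access-group acl_dmz1 in interface dmz

! Option B: identity NAT with "nat 0".
! Inside addresses again leave untranslated, but only inside hosts
! can initiate. A dmz host cannot open a connection to 10.1.1.1,
! even if acl_dmz1 permits it.
nat (inside) 0 10.1.1.0 255.255.255.0

! Option C: NAT exemption ("nat 0" with an access-list).
! Traffic matching the ACL (inside subnet to dmz subnet here) is
! exempted from translation. Unlike Option B, this form lets both
! sides initiate, still subject to the interface ACLs.
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
```

On a running device, `show xlate` lists the translation entries created by Options A and B, which is a quick way to confirm which form is in effect.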