Re: Static NAT Confugration Line

jtornea · ‎03-06-2002

I want to do a static translation of a 32 private ip addresses to a 32 valid ip addresses. But if i can, i'd like to avoid 32 config line:

Static (inside,out) out_ip inside_ip netmask ....

to my Pix 535. Anybody can help? Thanks.

bdube · ‎03-07-2002

Hi,

You have the right syntax to make the job done... just complete it with the right netmask. Netmask is applied to both outside & inside addresses, like this :

static (inside,outside) out_ip inside_ip netmask 255.255.255.224

This command, only tell to the PIX how to transalte, it doesn't give right to access. For that, you need an access-list/access-group pair to leave the trafics pass through.

Also, your last digit of your IP address range must be 0, 32, 64, 96, 128, 160, 192 or 224. Combine with the netmask (255.255.255.224) the possible ranges will be:

0 to 31

32 to 63

64 to 95

96 to 127

128 to 159

160 to 191

192 to 223

224 to 255

If your range of actual IP addresses doesn't fit within the previous example, you need to use a larger netmask (64 addresses or more) or use as many static/access-list/access-group as necessary.

Regards

Ben

jtornea · ‎03-07-2002

Hi Ben,

Would this addresses do a static one-to-one translation?

thanks,

jonathan

bdube · ‎03-07-2002

Yes, one-to-one.

jtornea · ‎03-07-2002

thanks