Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
570
Views
0
Helpful
4
Replies

Static NAT Confugration Line

jtornea
Level 1
Level 1

‎03-06-2002 10:03 PM - edited ‎03-08-2019 09:59 PM

I want to do a static translation of a 32 private ip addresses to a 32 valid ip addresses. But if i can, i'd like to avoid 32 config line:

Static (inside,out) out_ip inside_ip netmask ....

to my Pix 535. Anybody can help? Thanks.

Labels:
0 Helpful
4 Replies 4

bdube
Level 2
Level 2

‎03-07-2002 05:53 AM

Hi,

You have the right syntax to make the job done... just complete it with the right netmask. Netmask is applied to both outside & inside addresses, like this :

static (inside,outside) out_ip inside_ip netmask 255.255.255.224

This command, only tell to the PIX how to transalte, it doesn't give right to access. For that, you need an access-list/access-group pair to leave the trafics pass through.

Also, your last digit of your IP address range must be 0, 32, 64, 96, 128, 160, 192 or 224. Combine with the netmask (255.255.255.224) the possible ranges will be:

0 to 31

32 to 63

64 to 95

96 to 127

128 to 159

160 to 191

192 to 223

224 to 255

If your range of actual IP addresses doesn't fit within the previous example, you need to use a larger netmask (64 addresses or more) or use as many static/access-list/access-group as necessary.

Regards

Ben

0 Helpful

jtornea
Level 1
Level 1
In response to bdube

‎03-07-2002 05:43 PM

Hi Ben,

Would this addresses do a static one-to-one translation?

thanks,

jonathan

0 Helpful

bdube
Level 2
Level 2
In response to jtornea

‎03-07-2002 07:43 PM

Yes, one-to-one.

0 Helpful

jtornea
Level 1
Level 1
In response to bdube

‎03-07-2002 09:16 PM

thanks

0 Helpful
Customers Also Viewed These Support Documents