
Static Non-Translation

j_mensah
Level 1

Can anyone point me to the right place to read more about this? I can't seem to get any better documentation on this.

static (inside,dmz) 192.168.1.2 192.168.1.2 netmask 255.255.0.0 0 0

static (inside,outside) 192.168.1.4 192.168.1.4 netmask 255.255.0.0 0 0

What does such a static statement mean?

Translate 192.168.1.2 on the dmz to 192.168.1.2 on the inside.

What does this accomplish? Is there a way to avoid this completely?

1 Reply

rj
Level 1

Hello,

It looks like the statements are set up to do what is called Identity NAT in v6.3. I have included a link from v6.1 which is a little more descriptive. It is basically allowing you to access resources from a higher security interface on a lower security network without performing NAT. Usually statics are used for the opposite access (lower to higher).

This would be useful if you want to have the inside IP address appear as its original address when accessing DMZ resources.

One thing with your example is the netmask statements should be 255.255.255.255. It would contain a network mask if a network range was specified.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/s.htm#1026888

RJ
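
A small config check for the two points in the reply above, added here as an example and not part of the original thread: it parses PIX 6.x `static` statements, marks identity NAT (mapped and real address equal), and flags a host address paired with a network mask. The function names and the last two sample lines are constructed for illustration.

```python
import ipaddress
import re

# PIX 6.x form:
#   static (real_if,mapped_if) mapped_ip real_ip netmask mask [max_conns [em_limit]]
STATIC_RE = re.compile(
    r"^static\s+\((\w+),\s*(\w+)\)\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})"
    r"(?:\s+netmask\s+(\d+(?:\.\d+){3}))?"
)

# First two lines are the statements from the question; the last two are
# constructed: the first statement with a host mask, and an ordinary translating static.
SAMPLE = """\
static (inside,dmz) 192.168.1.2 192.168.1.2 netmask 255.255.0.0 0 0
static (inside,outside) 192.168.1.4 192.168.1.4 netmask 255.255.0.0 0 0
static (inside,dmz) 192.168.1.2 192.168.1.2 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0
"""

def audit_static(line):
    """Describe one static statement; return None if the line is not a static."""
    m = STATIC_RE.match(line.strip())
    if not m:
        return None
    real_if, mapped_if, mapped, real, mask = m.groups()
    real_addr = ipaddress.IPv4Address(real)
    result = {
        "interfaces": (real_if, mapped_if),
        # Identity NAT: the address is presented unchanged on the other interface.
        "identity": ipaddress.IPv4Address(mapped) == real_addr,
        "netmask": mask,
        "issue": None,
    }
    if mask is not None:
        # If the address has bits set outside the mask, it names a single host,
        # so the mask should be 255.255.255.255 rather than a network mask.
        net = ipaddress.IPv4Network(f"{real}/{mask}", strict=False)
        if net.network_address != real_addr:
            result["issue"] = f"{real} is a host address; use netmask 255.255.255.255, not {mask}"
    return result

def audit_config(text):
    """Audit every static statement in a block of configuration text."""
    return [r for r in map(audit_static, text.splitlines()) if r is not None]

if __name__ == "__main__":
    for entry in audit_config(SAMPLE):
        kind = "identity NAT" if entry["identity"] else "translating static"
        print(entry["interfaces"], kind, "-", entry["issue"] or "netmask ok")
```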