Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
539
Views
0
Helpful
8
Replies

static vs nat/global

Go to solution
ahensel
Level 1
Level 1

‎11-12-2004 12:29 PM - edited ‎03-09-2019 09:26 AM

Excluding an access-list, is there any difference between:

nat (inside) 1 172.16.5.10 net 255.255.255.255

global 1 (outside) 192.168.5.10 net 255.255.255.255

and

static (inside,outside) 1 192.168.5.10 172.16.5.10 net 255.255.255.255

thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nkhawaja
Cisco Employee
Cisco Employee
In response to ahensel

‎11-13-2004 01:23 PM

actually static has to be combined with access-list for bi-directional communication.. You are right in a sense that

static = nat/global without access-list

basically the rule is that traffic is allowed from higher to lower security infterface by default

BUT

from lower to higher security communication you need an access-list along with STATIC

Thanks

Nadeem

View solution in original post

0 Helpful
8 Replies 8

Go to solution
nkhawaja
Cisco Employee
Cisco Employee

‎11-12-2004 02:55 PM

One Major Difference. NAT/Global are for one way traffic from higer to lower security interface

whereas static is for BI-Directional traffic.

0 Helpful

Go to solution
ahensel
Level 1
Level 1
In response to nkhawaja

‎11-12-2004 07:40 PM

Agreed, however, does it not only become bi-directional when the static statement is joined together with an access-list?

0 Helpful

Go to solution
nkhawaja
Cisco Employee
Cisco Employee
In response to ahensel

‎11-13-2004 09:22 AM

do you mean NAT with Access-list?

0 Helpful

Go to solution
ahensel
Level 1
Level 1
In response to nkhawaja

‎11-13-2004 01:02 PM

thanks again for the reply. i guess my question is this; does the static nat statement provide the same function as the one-to-one nat/global statements provided in my example?

thanks.

0 Helpful

Go to solution
nkhawaja
Cisco Employee
Cisco Employee
In response to ahensel

‎11-13-2004 01:10 PM

again, the only difference is that with static NAT , you can have bi-directional communication. but with one-to-one nat/global. only one way communication.

0 Helpful

Go to solution
ahensel
Level 1
Level 1
In response to nkhawaja

‎11-13-2004 01:18 PM

ok, i did not relize you could have bi-directional communication with only a static statement. I was under the assumption that the static statement would need to be combined with an access-list. thanks for the clarification.

0 Helpful

Go to solution
nkhawaja
Cisco Employee
Cisco Employee
In response to ahensel

‎11-13-2004 01:23 PM

actually static has to be combined with access-list for bi-directional communication.. You are right in a sense that

static = nat/global without access-list

basically the rule is that traffic is allowed from higher to lower security infterface by default

BUT

from lower to higher security communication you need an access-list along with STATIC

Thanks

Nadeem

0 Helpful

Go to solution
ahensel
Level 1
Level 1
In response to nkhawaja

‎11-13-2004 01:56 PM

got it. thanks.

0 Helpful
Customers Also Viewed These Support Documents