05-08-2003 07:22 AM - edited 03-09-2019 03:12 AM
I have several public IP addresses that are assigned to our dial-up accounts. They need to access several services on different servers. I am not using NAT and have it turned off with ACL's made. My questions is when i use the static command, can i just use the subnet of the dial-up accounts and map it to the inside subnet or do i have to map it to each individual server. EX:
inside server 192.x.x.5 inside PIX:192.x.x.1 Outside dial-ups:208.x.x.0 and
206.x.x.0
static (inside, outside) 208.x.x.0 192.x.x.0 255.255.255.0 or
static (inside, outside) 208.x.x.0 192.x.x.1 255.255.255.0
Any help would be great.
thanks
mike
05-13-2003 01:52 AM
Mike,
Yes, you can use the static command for static translation for complete subnets. The subnetmask within the subnetmask together with the IP address used in the static command defines the subnet which will be static translated.
So, you could use:
static (inside, outside) 208.x.x.0 192.x.x.0 netmask 255.255.255.0
if you want to translate the whole subnet 108.x.x.0 to 192.x.x.0 (24 bits mask)
or you could use:
static (inside, outside) 208.x.x.1 192.x.x.1 netmask 255.255.255.255 (host only)
if you want to translate just one server.
But I'm not sure this is what you mean, cause it's not totally clear to me what you want to achieve. So, please provide us with more detailed information if more help is needed.
Best Regards,
Leo
05-19-2003 06:51 AM
I ended up not using the static command. I had acl built to allow the addresses needed and then turned off nat. I was told since i have this i wont need the static command because the acl's will come before the static command. thanks for your help.
mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide