Re: static ?

mraisley · ‎05-08-2003

I have several public IP addresses that are assigned to our dial-up accounts. They need to access several services on different servers. I am not using NAT and have it turned off with ACL's made. My questions is when i use the static command, can i just use the subnet of the dial-up accounts and map it to the inside subnet or do i have to map it to each individual server. EX:

inside server 192.x.x.5 inside PIX:192.x.x.1 Outside dial-ups:208.x.x.0 and

206.x.x.0

static (inside, outside) 208.x.x.0 192.x.x.0 255.255.255.0 or

static (inside, outside) 208.x.x.0 192.x.x.1 255.255.255.0

Any help would be great.

thanks

mike

l.mourits · ‎05-13-2003

Mike,

Yes, you can use the static command for static translation for complete subnets. The subnetmask within the subnetmask together with the IP address used in the static command defines the subnet which will be static translated.

So, you could use:

static (inside, outside) 208.x.x.0 192.x.x.0 netmask 255.255.255.0

if you want to translate the whole subnet 108.x.x.0 to 192.x.x.0 (24 bits mask)

or you could use:

static (inside, outside) 208.x.x.1 192.x.x.1 netmask 255.255.255.255 (host only)

if you want to translate just one server.

But I'm not sure this is what you mean, cause it's not totally clear to me what you want to achieve. So, please provide us with more detailed information if more help is needed.

Best Regards,

Leo

mraisley · ‎05-19-2003

I ended up not using the static command. I had acl built to allow the addresses needed and then turned off nat. I was told since i have this i wont need the static command because the acl's will come before the static command. thanks for your help.

mike