Popular
Latest Articles
- How to Secure your Cisco Router
- Creating CLI Views on a Cisco Router
- Configuring TACACS+ on a Cisco Router
- How to enable SDM on your router
- Build a Samba Server on Redhat / CentOS
- How to set the Time / Date and Timezone in CentOS
- How to install SSH on Solaris 10 x86
- ESX4 - How do I turn on/off a Virtual Machine from the command line ?
PIX - Static NAT
Wednesday, 28 May 2008 22:09
When going from a lower security level to a higher we need 2 things, a Static NAT (*see end of page) and a permit on a ACL entry.
Examples
If we wanted to access our Webserver via the outside interface (example access to a DMZ PC via a public IP)
static (dmz,outside) [NAT_IP] [Real_IP]
If we want to access a internal host via the dmz interface (example access a internal host from a DMZ server)
static (inside,dmz) [NAT_IP] [Real_IP]
Below is an example of static NAT for FTP when using the outside interface with DHCP address assigned to it.
static (dmz,outside) tcp interface ftp 172.16.1.50 ftp netmask 255.255.255.255
static (dmz,outside) tcp interface ftp-data 172.16.1.50 ftp-data netmask 255.255.255.255
NAT Control
Note : We only need a static NAT when "nat control" has been enabled. This can be checked by running the command sh run nat-control. This is enabled by default. To disable run no nat-control.