TAC Case Collection

FREE TEXT QUERY

GUIDED SEARCH

VIEW ALL SOLUTIONS

Feedback


		Please rate this solution.

		Excellent Good Average Fair Poor



		This solution solved my problem.
		Yes No



		Suggestions for improvement. (Please include your email address if you would like to hear from us).

Search Result

Case Number

K12034496

Title

How to configure static NAT / static PAT command in the PIX, ASA and FWSM

Core issue

This contains the PIX / ASA / Firewall Services Module (FWSM) configuration for static translation.

Resolution

The static command configuration is similar for the PIX Firewall, ASA and FWSM.

The Static NAT command creates a fixed translation of the real address to the mapped address. This command can be used in order to assign a single public IP address to the single local IP address.

Static NAT Example:

hostname(config)#static (inside,outside) 192.168.201.12 10.1.1.3 netmask 255.255.255.255

This command maps an inside IP address (10.1.1.3) to an outside IP address (192.168.201.12).

The Static PAT command can also be used where a single port of the public IP address can be mapped with the single port of the local IP address.

Static PAT Example:

In order to redirect Telnet traffic from the outside interface (10.1.2.14) to the inside host at 10.1.1.15, enter this command:

hostname(config)#static (inside, outside) tcp 10.1.2.14 telnet 10.1.1.15 telnet netmask 255.255.255.255

The static PAT command is the same as static NAT, except it allows for the specification of the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) and the port for the real and mapped addresses.

The static PAT feature can identify the same mapped address across many different static statements, so long as the port is different for each statement.

Note: You cannot use the same real or mapped address in multiple static commands between the same two interfaces. Do not use a mapped address in the static command that is also defined in a global command for the same mapped interface.

Problem Type

Configure

Product Family

Firewall - modules (FWSM)

Firewall - PIX 500 series

ASA Hardware & Software

PIX Software Version

PIX version 7.x

Firewall Services Module (FWSM)

2.3

3.x

ASA Software Version

7.0

7.1

7.2

PIX Model

PIX 500 Series Firewall

ASA Models

ASA 5540

ASA 5500

ASA 5510

ASA 5520

Features & Tasks

Network Address Translation (NAT)

Port Redirection (static PAT)

Selected PIX or Router Commands

static

Direct URL

http://www.ciscotaccc.com/security/showcase?case=K12034496



	© 1992-2006 Cisco Systems, Inc. All rights reserved. Terms and Conditions, Privacy Statement, Cookie Policy and Trademarks of Cisco Systems, Inc.


	Close Window		TAC Case Collection...Just Solve It!