Hi,

Thanks for your reply. Is my rule for Static PAT right, or do I need to
specify TCP/UDP ports to do a PAT? Is it possible to translate multiple IPs
from inside to a single IP outside using static? Please let me know, since I
couldn't find anything in the Cisco docs describing a Static PAT like that;
rather, they perform redirection on ports.


kevin horvath wrote:
>
> to clarify,
>
> Traffic initiated from the inside (10 net) will map to itself
> (identity nat), unless it is tcp traffic destined for 1.1.1.1 then it
> will map to 1.1.1.2.
>
> Traffic initiated from the outside to the inside will not matter since
> this is where there is no overlapping as the above scenario. Here
> traffic destined for 10.x will be translated to itself. The policy
> nat in this scenario does not allow traffic initiated from a lower
> security interface to a higher security interface as it can only be
> done via nat exemption, identity nat, or static nat/pat. I think this
> is where the confusion was. Only local traffic can be translated with
> Policy NAT (thanks for catching my typo above) not global.
>
> hope this clarifies things.
>
> Kevin
>
>> >
>> > >
>> > > On 11/6/07, sivakumar wrote:
>> > > >
>> > > > Hi,
>> > > >
>> > > > access-list rule1 permit tcp 10.0.0.0 255.0.0.0 host 1.1.1.1
>> > > >
>> > > > static (inside,outside) 1.1.1.2 access-list rule1 0 0
>> > > > static (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 0 0
>> > > >
>> > > > Please tell me which statement will take precedence - policy NAT or
>> > > > Static NAT..
>> > > >
>> > > > --
>> > > > View this message in context:
>> > > > http://www.nabble.com/NAT-order-help...html#a13548213
>> > > > Sent from the Firewall Wizards mailing list archive at Nabble.com.
>> > > >
>> > > > _______________________________________________
>> > > > firewall-wizards mailing list
>> > > > firewall-wizards@listserv.icsalabs.com
>> > > > https://listserv.icsalabs.com/mailma...rewall-wizards
>> > > >
>> > >
>> > >
>> > > --
>> > > Avishai Wool, Ph.D., Co-founder and Chief Technical Officer
>> > > http://www.algosec.com
>> > > ******* Firewall Management Made Smarter ******


--
View this message in context: http://www.nabble.com/NAT-order-help...html#a13746694
Sent from the Firewall Wizards mailing list archive at Nabble.com.
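
Kevin's description of how the two static statements in the thread interact can be checked with a small model. This is an added example, not part of the original thread and not Cisco's implementation; it assumes static rules are evaluated first-match in configuration order, and the names StaticRule and translate_source are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network

@dataclass
class StaticRule:
    name: str
    real: ipaddress.IPv4Network            # inside (local) source addresses
    mapped: ipaddress.IPv4Network          # address(es) presented on the outside
    proto: Optional[str] = None            # policy condition from the ACL; None = any
    dest: Optional[ipaddress.IPv4Network] = None  # policy condition; None = any

    def matches(self, src, dst, proto):
        if src not in self.real:
            return False
        if self.proto is not None and proto != self.proto:
            return False
        return self.dest is None or dst in self.dest

    def translate(self, src):
        if self.mapped.num_addresses == 1:
            return self.mapped.network_address
        # Net-to-net static: keep the host offset (identity when real == mapped).
        return self.mapped.network_address + (int(src) - int(self.real.network_address))

# The two statements from the thread, in the order they were posted.
RULES = [
    StaticRule("policy static (rule1)", net("10.0.0.0/8"), net("1.1.1.2/32"),
               proto="tcp", dest=net("1.1.1.1/32")),
    StaticRule("identity static", net("10.0.0.0/8"), net("10.0.0.0/8")),
]

def translate_source(src, dst, proto, rules=RULES):
    """Return (matching rule name, translated source) for an inside-initiated flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:                      # assumption: first match wins
        if rule.matches(s, d, proto):
            return rule.name, str(rule.translate(s))
    return None, src                        # no static applies in this model

if __name__ == "__main__":
    # Constructed sample flows (192.0.2.10 is a documentation address).
    for flow in [("10.1.2.3", "1.1.1.1", "tcp"), ("10.1.2.3", "1.1.1.1", "udp"),
                 ("10.1.2.3", "192.0.2.10", "tcp")]:
        print(flow, "->", translate_source(*flow))
    # With the order reversed, the broad identity rule shadows the policy rule.
    print(translate_source("10.1.2.3", "1.1.1.1", "tcp", RULES[::-1]))
```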
