PIX public/24 ip static mapping means 256 times interfaces static maps?

Discussion in 'Cisco' started by Nieuws Xs4all, May 26, 2005.

  1. Hi there,

    have a pix (525, 6.3.3) securing a public class-C network /24

    Want to get data in and out only based on ACL.
    So want to have this /24 network staticly mapped with no network
    translation whatsoever

    Something like
    static (inside,outside) zz.yy.xx.0 zz.yy.xx.0 netmask 255.255.255.0 0 0

    This is accepted, but seems of no use ( perhaps getting from a higher
    security interface to a lower).
    However a nat 0 rule works for that also

    However when I do

    static (inside,outside) zz.yy.xx.1 zz.yy.xx.1 netmask 255.255.255.255 0 0
    static (inside,outside) zz.yy.xx.2 zz.yy.xx.2 netmask 255.255.255.255 0 0
    static (inside,outside) zz.yy.xx.3 zz.yy.xx.3 netmask 255.255.255.255 0 0

    etc, etc, it does work. I can get from a lower security device to a higher
    security device.

    Since I also got a lot of ( virtual) interfaces, this mean 256 times all
    the interfaces, is a lot of rules.

    I guess i miss something obvious then, don't I?

    Thanks for your time

    Jan-Willem Michels





    I have tried outgoing a nat null rule and with incomming static rules
     
    Nieuws Xs4all, May 26, 2005
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.