You do not have to have a block assigned to the outside interface that you are planning to nat to. However, yes, while your nat will work, it's technically backwards. There are many ways, by many people, in how they remember it.
static (lower,higher) higher, lower
static (to,from) from,to (the one I use)
Example for nat not assigned to outside interface: (from memory, please excuse any syntax errors)
int g0/0
nameif outside
ip add 2.2.2.2 255.255.255.255.0
!
int G0/1
nameif inside
ip add 1.1.1.1 255.255.255.255.0
!
static (inside,outside) 2.2.2.6 1.1.1.6 netmask 255.255.255.0
!
static (inside,outside) 3.3.3.3 1.1.1.3 netmask 255.255.255.0
!
Both NAT's will work, given that you have a route statement to support it.
route outside 0 0 2.2.2.1
OR
route outside 3.3.3.0 255.255.255.0 2.2.2.1
Hope that helps you out. Oh, and this assumes you are running the easy man's NAT, 8.2.x and lower. ;)
Regards,
Jay McMickle- CCNP,CCSP,CCDP
Sent from iJay
On Apr 3, 2012, at 10:46 PM, Myung-Soo Ko <bacchus21_at_gmail.com> wrote:
> Hello, Group
>
> I have a nat related question.
>
> For example, I configured the following static nat in a firewall.
>
> static(outside, inside) 1.1.1.1 2.2.2.2
>
> This statement means real ip 2.2.2.2 from outside will be translated to
> 1.1.1.1 inside.
>
> In terms of the real ip before translated, is there any restriction?
> Someone told me that pre-translated addresses much be in one of the
> firewall segment, but I think this option is not mandatory.
> I tested in virtual environment, static nat worked fine even if a
> pre-translated address wasn't in one of the firewall segment.
>
> If I'm not right, could anyone advise me?
>
> Thanks in advance,
>
> Regards,
> Myung-Soo
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Tue Apr 03 2012 - 23:06:59 ART
This archive was generated by hypermail 2.2.0 : Tue May 01 2012 - 08:20:45 ART