As aaron mentioned, this works fine. Since you're routing a block towards the firewall, you can use all of the addresses as well.
Sent from handheld
On Apr 4, 2012, at 8:59 AM, "Aaron" <aaron1_at_gvtc.com> wrote:
> I have a PIX FW with some static nat statements in it and some of the real
> ip's are not part of the pix's directly connected segments.
>
> Aaron
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Myung-Soo Ko
> Sent: Tuesday, April 03, 2012 10:46 PM
> To: Cisco certification
> Subject: NAT related question
>
> Hello, Group
>
> I have a nat related question.
>
> For example, I configured the following static nat in a firewall.
>
> static(outside, inside) 1.1.1.1 2.2.2.2
>
> This statement means real ip 2.2.2.2 from outside will be translated to
> 1.1.1.1 inside.
>
> In terms of the real ip before translated, is there any restriction?
> Someone told me that pre-translated addresses much be in one of the firewall
> segment, but I think this option is not mandatory.
> I tested in virtual environment, static nat worked fine even if a
> pre-translated address wasn't in one of the firewall segment.
>
> If I'm not right, could anyone advise me?
>
> Thanks in advance,
>
> Regards,
> Myung-Soo
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Apr 04 2012 - 13:11:40 ART
This archive was generated by hypermail 2.2.0 : Tue May 01 2012 - 08:20:45 ART