Cisco PIX 520 - PIX Firewall 520 Online Help Manual page 133

PDM: warn
C-2-2 PAT first
static (inside,outside) tcp 1.1.1.1 80 1.1.1.1 8080 netmask 255.255.255.255
static (inside,outside) 1.1.1.0 1.1.1.0 netmask 255.255.255.0
PIX: accept
PDM: warn
D. Static PAT and dynamic NAT. Similar to C, overlapping between static PAT and dynamic NAT creates
unpredictable address translation on the PIX Firewall, although overlapping between normal static and dynamic
NAT is fine and causes no problem.
D-1 overlap with nat 0
nat (inside) 0 0 0
static (inside,outside) tcp 2.2.2.1 80 1.1.1.1 8080 netmask 255.255.255.255
or
static (inside,outside) tcp 1.1.1.1 80 1.1.1.1 8080 netmask 255.255.255.255
PIX: accept
PDM: warn
D-2 overlap with dynamic nat
nat (inside) 1 0 0
global (outside) 1 2.2.2.1-2.2.2.100
static (inside,outside) tcp 2.2.2.101 80 1.1.1.1 8080 netmask 255.255.255.255
PIX: accept
PDM: warn
E. Between different pairs of local/global interfaces.
static (inside,outside) 3.3.3.1 3.3.3.1 netmask 255.255.255.255 0 0
static (intf2,outside) 3.3.3.1 2.2.2.1 netmask 255.255.255.255 0 0
PIX: accept
PDM: reject
Copyright © 2001 Cisco Systems, Inc.