Configuring Inbound Access Through a Cisco Security Appliance
A two-step approach lets connections initiated from lower-security interfaces access
higher-security interfaces:
Step 1 Network Address Translation
Step 2 Access lists
Static NAT
In all Security Appliance versions, static NAT creates a permanent, one-to-one mapping
between an address on an internal network (a higher-security-level interface) and an address
on an external network (a lower-security-level interface). For an external host to initiate
traffic to an inside host, a static translation rule must exist for the inside host. Without
the persistent translation rule, the translation cannot occur.
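The two steps together, as an added configuration example that is not from the original text. The addresses, the interface names inside and outside, and the access list name ACLIN are constructed for illustration, and the access list matches the mapped address, as it does on software releases that use the static command.

```cisco
! Constructed example: inside web server 10.0.0.10 is published as 192.168.0.10.
!
! Step 1: static NAT. Permanent one-to-one translation for the inside host.
! Order of arguments: (prenat-interface, postnat-interface) mapped-address real-address
static (inside,outside) 192.168.0.10 10.0.0.10 netmask 255.255.255.255
!
! Step 2: access list. The translation alone does not admit traffic;
! permit only the service that must be reachable, to the mapped address only.
access-list ACLIN permit tcp any host 192.168.0.10 eq www
!
! Bind the list to traffic arriving on the lower-security interface.
! Anything not matched by a permit entry is dropped by the implicit deny.
access-group ACLIN in interface outside
```

Keeping the permit entry to a single host and port limits what the static translation exposes; show xlate and show access-list confirm the translation and the hit counts.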
The syntax for the static command is as follows:
static [(prenat-interface, postnat-interface)] {mapped-address | interface}
real-address [dns] [netmask mask] [max-conns [emb-limit]] [norandomseq]
Table 7-2 describes the static command parameters.