Static Translation
Although static translation is not specifically defined as an exam topic, it is very important
for you to know the commands and to understand how static translation works. Static
translation maps a single local address to a single global address. It is most commonly used
when the local node must be accessed from the public space (Internet):
LabPIX(config)# [static] (local_if_name, global_if_name) {global_ip/interface} local_ip
In the following command, the local node 10.10.10.9 is configured to have a global address
of 192.168.0.9. Remember that the static command configures only the address translation.
To allow access to the local node from a lower security level interface, you need to configure
either a conduit or an access list:
LabPIX(config)# static (inside, outside) 192.168.0.9 10.10.10.9
LabPIX(config)# conduit permit tcp host 192.168.0.9 eq www any
or
LabPIX(config)# access-list 101 permit tcp any host 192.168.0.9 eq www
If you are using an access list, you need to create an access group to apply the access list to
the correct interface:
LabPIX(config)# access-group 101 in interface outside
This is the configuration used in Figure 5-6. Note that the node is now accessible from the
Internet.
NOTE Chapter 7 discusses conduits and access lists in greater detail.