NAT on ASA 5510

Unanswered Question
Mar 20th, 2007
User Badges:

Hi,


I have the following requirement....


I would like to NAT 3 public ip addresses to one inside ip address and same destination port.

What I mean is.... say for example I have the following 3 public ip address 85.x.x.1, 85.x.x.2 & 85.x.x.3.... so whenever anybody from internet trys to access 85.x.x.1-3 on say tcp port number 25 it should get translated to the one single inside ip 10.x.x.10 tcp port 25....


Hope my requirement is clear...


How to acheive this ?? anybody suggest me on this pls...


Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
vernon-lee Tue, 03/20/2007 - 07:36
User Badges:

This should be simple enough. Do you want to send ports to different internal servers? or a simple one to one nat?


if you want a simple one to one nat, just click on the NAT tab on the configuration screen, and create a nat from the Private IP to the Public or External IP. You should be able to make as many as you want.


If you want to route say port 25 to a different server, and have say port 80 go to a different server, the process is simular, however use the PAT "Port Address Translation" checkbox.


I hope this helps.

acomiskey Tue, 03/20/2007 - 07:46
User Badges:
  • Green, 3000 points or more

If you attempt the following...


static (inside,outside) 85.x.x.1 10.x.x.10 netmask 255.255.255.255

static (inside,outside) 85.x.x.2 10.x.x.10 netmask 255.255.255.255


or


static (inside,outside) tcp 85.x.x.1 smtp 10.x.x.10 smtp netmask 255.255.255.255

static (inside,outside) tcp 85.x.x.2 smtp 10.x.x.10 smtp netmask 255.255.255.255


you will receive this "ERROR: duplicate of existing static".

rv_viji Tue, 03/20/2007 - 22:01
User Badges:

Hi,


Yes acomiskey, I'm getting the same error and I really want to acheive the same as you had mentioned.... so whats the way out to solve this issue....


It would be of really a great help if someone help me to solve this issue....


Thanks



acomiskey Wed, 03/21/2007 - 08:27
User Badges:
  • Green, 3000 points or more

Not sure that you can do that, but you can do this..


static (inside,outside) tcp 85.x.x.1 smtp 10.x.x.10 smtp netmask 255.255.255.255

static (inside,outside) tcp 85.x.x.2 www 10.x.x.10 www netmask 255.255.255.255


Hi,


I'm running the same limitation, where my customer has only one SPAM/Relay, wich is the Barracuda that serves two different domains, so each domain has a unique MX, lets say IP "1.1.1.1" for domain "A.COM" and IP "2.2.2.2" for domain "B.COM".


So I tried exactly the same, doing:


static (inside,outside) tcp 1.1.1.1 25 X.X.X.X 25 netmask 255.255.255.255 0 0

static (inside,outside) tcp 2.2.2.2 25 X.X.X.X 25 netmask 255.255.255.255 0 0


In this case, run the MX on different IPs is required to do right reverse DNS lookups.


So, the idea is to have one local IP being NATed to two global IPs.


Today, he haves a linux based firewall that allows it, so is very complicated to explain why Cisco can?t do that...


If you found some solution, please notify me.

Actions

This Discussion