ASA NAT one external IP to two internal machines

Unanswered Question
Jul 24th, 2007

Can it be done? I tried to split the IP into ports using static (dmz,outside)tcp external www internal www

ACL works as I tried it with a 1:1 translation, but doesnt with I try it this way. Is there an alternative? The company is short a public IP and needs to have it working this way.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sundar.palaniappan Tue, 07/24/2007 - 14:26

You can configure port redirection to forward traffic based on global IP & port to the appropriate interval server. Here's a small example.

static (dmz,outside) tcp 209.165.201.5 smtp 10.1.1.6 smtp netmask 255.255.255.255

static (dmz,outside) tcp 209.165.201.5 www 10.1.1.3 www netmask 255.255.255.255

HTH

Sundar

tahequivoice Wed, 07/25/2007 - 05:06

HI, When I posted this, the static translations weren't working. After I posted I blew them away and re-entered them one at a time and tested them and they started working. I had them done correctly, but for some odd reason they just refused to work, but work now that I redid them.

rochopra Tue, 07/24/2007 - 14:29

Hi,

static (dmz,outside)tcp external www internal www

This should work fine, make sure you also include ports in ACL like following example:

access-list 101 permit tcp any host external eq www

access-group 101 in interface outside

Also ports for 2 ip addresses should be different.

Hope this helps.

Regards

Rohit

chetankamra Tue, 07/24/2007 - 21:24

Try below command it works

1. Connects outside X.X.X.X on service 8080 to Internal Y.Y.Y.Y on service WWW.

-->(config)# static (inside,outside) tcp X.X.X.X 8080 Y.Y.Y.Y www netmask

255.255.255.255

2. Redirect Telnet requests for X.X.X.X to Y.Y.Y.Y by entering the following command:

--> config)# static (inside,outside) tcp X.X.X.X telnet Y.Y.Y.Y telnet netmask

255.255.255.255

Hope this will help

Actions

This Discussion