ASA NAT one external IP to two internal machines

Unanswered Question
Jul 24th, 2007
User Badges:

Can it be done? I tried to split the IP into ports using static (dmz,outside)tcp external www internal www

ACL works as I tried it with a 1:1 translation, but doesnt with I try it this way. Is there an alternative? The company is short a public IP and needs to have it working this way.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sundar.palaniappan Tue, 07/24/2007 - 14:26
User Badges:
  • Green, 3000 points or more

You can configure port redirection to forward traffic based on global IP & port to the appropriate interval server. Here's a small example.

static (dmz,outside) tcp smtp smtp netmask

static (dmz,outside) tcp www www netmask



tahequivoice Wed, 07/25/2007 - 05:06
User Badges:

HI, When I posted this, the static translations weren't working. After I posted I blew them away and re-entered them one at a time and tested them and they started working. I had them done correctly, but for some odd reason they just refused to work, but work now that I redid them.

rochopra Tue, 07/24/2007 - 14:29
User Badges:
  • Cisco Employee,


static (dmz,outside)tcp external www internal www

This should work fine, make sure you also include ports in ACL like following example:

access-list 101 permit tcp any host external eq www

access-group 101 in interface outside

Also ports for 2 ip addresses should be different.

Hope this helps.



chetankamra Tue, 07/24/2007 - 21:24
User Badges:

Try below command it works

1. Connects outside X.X.X.X on service 8080 to Internal Y.Y.Y.Y on service WWW.

-->(config)# static (inside,outside) tcp X.X.X.X 8080 Y.Y.Y.Y www netmask

2. Redirect Telnet requests for X.X.X.X to Y.Y.Y.Y by entering the following command:

--> config)# static (inside,outside) tcp X.X.X.X telnet Y.Y.Y.Y telnet netmask

Hope this will help


This Discussion