ASA NAT one external IP to two internal machines

tahequivoice · ‎07-24-2007

Can it be done? I tried to split the IP into ports using static (dmz,outside)tcp external www internal www

ACL works as I tried it with a 1:1 translation, but doesnt with I try it this way. Is there an alternative? The company is short a public IP and needs to have it working this way.

sundar.palaniappan · ‎07-24-2007

You can configure port redirection to forward traffic based on global IP & port to the appropriate interval server. Here's a small example.

static (dmz,outside) tcp 209.165.201.5 smtp 10.1.1.6 smtp netmask 255.255.255.255

static (dmz,outside) tcp 209.165.201.5 www 10.1.1.3 www netmask 255.255.255.255

HTH

Sundar

tahequivoice · ‎07-25-2007

HI, When I posted this, the static translations weren't working. After I posted I blew them away and re-entered them one at a time and tested them and they started working. I had them done correctly, but for some odd reason they just refused to work, but work now that I redid them.

rochopra · ‎07-24-2007

Hi,

static (dmz,outside)tcp external www internal www

This should work fine, make sure you also include ports in ACL like following example:

access-list 101 permit tcp any host external eq www

access-group 101 in interface outside

Also ports for 2 ip addresses should be different.

Hope this helps.

Regards

Rohit

chetankamra · ‎07-24-2007

Try below command it works

1. Connects outside X.X.X.X on service 8080 to Internal Y.Y.Y.Y on service WWW.

-->(config)# static (inside,outside) tcp X.X.X.X 8080 Y.Y.Y.Y www netmask

255.255.255.255

2. Redirect Telnet requests for X.X.X.X to Y.Y.Y.Y by entering the following command:

--> config)# static (inside,outside) tcp X.X.X.X telnet Y.Y.Y.Y telnet netmask

255.255.255.255

Hope this will help