Multiple Public IPs to single Internal IP

ezuser666
Level 1

Hey there,

Currently our live web server uses multiple internal IPs that are NAT'd to an equal number of external IPs.

We are planning to take the web server down for maintenance over the new year holiday and need to redirect all these IPs to a single IP address on a temporary web server in order to show a maintenance message.

I cannot figure out how to get this to work. Trying to put multiple Static NAT statements for the same Internal IP reports overlapping errors, and what I've read about Policy NAT seems to indicate it is not suitable.

Any help would be appreciated, thanks in advance and Merry Christmas for those who celebrate it.

2 Replies

husycisco
Level 7

Hi Lee

So you want the www traffic of multiple external IPs forwarded to one single internal webserver IP, correct? Please post your sanitized running config, the external IPs and internal IP you want to configure.

Regards

That's absolutely right. What I would like is something like:

199.123.2.10 - 199.123.2.20 -> 192.168.54.10

-- Start of Config ---

asdm image disk0:/asdm-507.bin
asdm location DOWNWEB 255.255.255.255 www-dmz
no asdm history enable
ASA Version 7.0(7)
!
hostname ASAFW1
names
name 192.168.54.10 DOWNWEB description Temporary Web Server
dns-guard
!
interface Ethernet0/0
 description Connection to WWW DMZ
 nameif www-dmz
 security-level 50
 ip address 192.168.54.2 255.255.255.0
!
interface Ethernet0/1
 description Connection to Outside world
 nameif outside
 security-level 0
 ip address 199.123.2.2 255.255.255.0
!
ftp mode passive
object-group service HTTP-S tcp
 description HTTP & HTTPS
 port-object eq www
 port-object eq https
access-list outside_access_in extended permit tcp any host DOWNWEB eq www
access-list outside_access_in_V1 extended permit tcp any host DOWNWEB eq www
access-list acl_capout extended permit tcp any any eq www
access-list outside_access_in_V2 extended permit tcp any host 199.123.2.10 eq www
access-list outside_access_in_V2 extended permit tcp any host 199.123.2.11 eq www
access-list dmz_www_nat_11 extended permit ip host DOWNWEB any
access-list dmz_www_nat_10 extended permit ip host DOWNWEB any
pager lines 24
logging enable
logging timestamp
logging standby
logging asdm informational
mtu management 1500
mtu www-dmz 1500
mtu outside 1500
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 199.123.2.3
static (www-dmz,outside) 199.123.2.10 access-list dmz_www_nat_10
static (www-dmz,outside) 199.123.2.11 access-list dmz_www_nat_11
access-group outside_access_in_V2 in interface outside
route outside 0.0.0.0 0.0.0.0 199.123.2.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
sysopt noproxyarp management
sysopt noproxyarp www-dmz
!
class-map inspection_default
 match default-inspection-traffic
!

-- End of Config ---

Thanks again

Lee
