Multiple Public IPs to single Internal IP

Unanswered Question
Dec 24th, 2007

Hey there,


Currently our live web server uses multiple internal IPs that are NAT'd to an equal number of external IPs.


We are planning to take the web server down for maintenance over the new year holiday and need to redirect all these IPs to a single IP address on a temporary web server in order to show a maintenance message.


I cannot figure out how to get this to work. Trying to put multiple Static NAT statements for the same Internal IP reports overlapping errors, and what I've read about Policy NAT seems to indicate it is not suitable.


Any help would be appreciated, thanks in advance and Merry Christmas for those who celebrate it.

husycisco Mon, 12/24/2007 - 23:35

Hi Lee

So you want the www traffic of multiple external IPs forwarded to one single internal webserver IP, correct? Please post your sanitized running config, the external IPs and internal IP you want to configure.


Regards

ezuser666 Wed, 12/26/2007 - 05:59

That's absolutely right. What I would like is something like:


199.123.2.10 - 199.123.2.20 -> 192.168.54.10


-- Start of Config ---
asdm image disk0:/asdm-507.bin
asdm location DOWNWEB 255.255.255.255 www-dmz
no asdm history enable
ASA Version 7.0(7)
!
hostname ASAFW1
names
name 192.168.54.10 DOWNWEB description Temporary Web Server
dns-guard
!
interface Ethernet0/0
 description Connection to WWW DMZ
 nameif www-dmz
 security-level 50
 ip address 192.168.54.2 255.255.255.0
!
interface Ethernet0/1
 description Connection to Outside world
 nameif outside
 security-level 0
 ip address 199.123.2.2 255.255.255.0
!
ftp mode passive
object-group service HTTP-S tcp
 description HTTP & HTTPS
 port-object eq www
 port-object eq https
access-list outside_access_in extended permit tcp any host DOWNWEB eq www
access-list outside_access_in_V1 extended permit tcp any host DOWNWEB eq www
access-list acl_capout extended permit tcp any any eq www
access-list outside_access_in_V2 extended permit tcp any host 199.123.2.10 eq www
access-list outside_access_in_V2 extended permit tcp any host 199.123.2.11 eq www
access-list dmz_www_nat_11 extended permit ip host DOWNWEB any
access-list dmz_www_nat_10 extended permit ip host DOWNWEB any
pager lines 24
logging enable
logging timestamp
logging standby
logging asdm informational
mtu management 1500
mtu www-dmz 1500
mtu outside 1500
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 199.123.2.3
static (www-dmz,outside) 199.123.2.10 access-list dmz_www_nat_10
static (www-dmz,outside) 199.123.2.11 access-list dmz_www_nat_11
access-group outside_access_in_V2 in interface outside
route outside 0.0.0.0 0.0.0.0 199.123.2.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
sysopt noproxyarp management
sysopt noproxyarp www-dmz
!
class-map inspection_default
 match default-inspection-traffic
!
-- End of Config ---


Thanks again


Lee


