Port-based NAT on ASA

Unanswered Question
Jul 25th, 2008

I have two different servers in the DMZ zone, for example 192.168.1.1 and 192.168.1.2. I am running a web server on both: on the first server the application is running on port 80, and on the second it's running on 90.

I want to map them to a single public IP. For example, when a user types http://200.10.10.1:80 it should go to the first server, and when they type http://200.10.10.1:90 it should go to the second server.

Is it possible if I use

#ip nat inside source static tcp 192.168.1.1 80 200.10.10.1 80 extendable

#ip nat inside source static tcp 192.168.1.1 90 200.10.10.1 90 extendable

Please let me know, or tell me if there is any other way to make it work.

Thanks

dhananjoy chowdhury Fri, 07/25/2008 - 12:08

The ip nat statements you have mentioned work on a Cisco router, not on the ASA.

If you are using a Cisco ASA firewall, then you need to perform NAT and configure access lists to allow traffic from Outside to the DMZ. Here are the NAT and ACL statements.

static (dmz,Outside) tcp 200.10.10.1 80 192.168.1.1 80

static (dmz,Outside) tcp 200.10.10.1 90 192.168.1.2 90

access-list out-in permit tcp any host 200.10.10.1 eq 80

access-list out-in permit tcp any host 200.10.10.1 eq 90

access-group out-in in interface Outside

Hope this helps.
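A quick way to review a configuration like the one in the answer above is to cross-check each static PAT entry against the ACL bound to the mapped interface. The script below is an added example, not part of the original thread or of any Cisco tooling; it assumes the pre-8.3 `static` syntax used in the answer (where the outside ACL matches the mapped address), handles only `permit ... any host X eq P` entries, and its function names are hypothetical.

```python
import re

# Constructed sample input: the ASA lines from the answer above.
CONFIG = """\
static (dmz,Outside) tcp 200.10.10.1 80 192.168.1.1 80
static (dmz,Outside) tcp 200.10.10.1 90 192.168.1.2 90
access-list out-in permit tcp any host 200.10.10.1 eq 80
access-list out-in permit tcp any host 200.10.10.1 eq 90
access-group out-in in interface Outside
"""

STATIC_RE = re.compile(r"static \((\S+),(\S+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
ACE_RE = re.compile(r"access-list (\S+) (?:extended )?permit (tcp|udp) any host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)")
PORT_NAMES = {"www": "80", "https": "443"}  # names the ASA prints for these ports


def port(p):
    """Normalise a named port to its number; numeric ports pass through."""
    return PORT_NAMES.get(p, p)


def audit(config):
    """Return (published, unreachable, unmapped) for static PAT vs. inbound ACL."""
    statics, permitted, bound = [], set(), {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            _real_if, mapped_if, proto, m_ip, m_port, r_ip, r_port = m.groups()
            statics.append((mapped_if, proto, m_ip, port(m_port), r_ip, port(r_port)))
        elif m := ACE_RE.match(line):
            acl, proto, ip, p = m.groups()
            permitted.add((acl, proto, ip, port(p)))
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)  # interface name -> ACL name
    published, unreachable, translated = [], [], set()
    for mapped_if, proto, m_ip, m_port, r_ip, r_port in statics:
        key = (bound.get(mapped_if), proto, m_ip, m_port)
        translated.add(key)
        entry = f"{proto} {m_ip}:{m_port} -> {r_ip}:{r_port}"
        (published if key in permitted else unreachable).append(entry)
    # Permits on a bound ACL with no matching translation are stale openings.
    unmapped = sorted(f"{proto} {ip}:{p}" for acl, proto, ip, p in permitted
                      if acl in bound.values() and (acl, proto, ip, p) not in translated)
    return published, unreachable, unmapped


if __name__ == "__main__":
    for label, items in zip(("published", "unreachable", "unmapped"), audit(CONFIG)):
        print(label, items)
```

An entry under `unreachable` is a translation with no matching permit (or no `access-group` binding), and an entry under `unmapped` is a permit that no longer corresponds to any translation and can be removed from the ACL.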
