Port based nat on ASA

Unanswered Question
Jul 25th, 2008

I have two diffrent servers in DMZ zone for example and I am running webserver on both on 1st server application is running on port 80 and on second its running on 90.

I want to map it with a single public IP for example when a user type its should go to 1st server and when it should go to second server .

Is it possible if I use

#ip nat inside source static tcp 80 80 extendable

#ip nat inside source static tcp 90 90 extendable

Please let me know or is there any other way to make it work.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dhananjoy chowdhury Fri, 07/25/2008 - 12:08

The ip nat statements you have mentioned works on Cisco Router not on the ASA.

If you are using a Cisco ASA firewall , then you need to perform NAT and configure Access lsits to allow traffic from Outside to the DMZ. here are the NAT and ACL statements.

static (dmz,Outside) tcp 80 80

static (dmz,Outside) tcp 90 90

access-list out-in permit tcp any host eq 80

access-list out-in permit tcp any host eq 90

access-group out-in in interface Outside

Hope this helps.


This Discussion