Port based nat on ASA

ajay chauhan
Level 7

I have two different servers in the DMZ zone, for example 192.168.1.1 and 192.168.1.2. I am running a web server on both: on the first server the application is running on port 80, and on the second it's running on port 90.

I want to map them to a single public IP. For example, when a user types http://200.10.10.1:80 it should go to the first server, and when they type http://200.10.10.1:90 it should go to the second server.

Is it possible if I use

#ip nat inside source static tcp 192.168.1.1 80 200.10.10.1 80 extendable

#ip nat inside source static tcp 192.168.1.2 90 200.10.10.1 90 extendable

Please let me know, or is there any other way to make it work?

Thanks

1 Reply

The ip nat statements you have mentioned work on a Cisco router, not on the ASA.

If you are using a Cisco ASA firewall, then you need to perform NAT and configure access lists to allow traffic from Outside to the DMZ. Here are the NAT and ACL statements.

static (dmz,Outside) tcp 200.10.10.1 80 192.168.1.1 80

static (dmz,Outside) tcp 200.10.10.1 90 192.168.1.2 90

access-list out-in permit tcp any host 200.10.10.1 eq 80

access-list out-in permit tcp any host 200.10.10.1 eq 90

access-group out-in in interface Outside

Hope this helps.
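
The reply above uses the `static (real,mapped)` form found in ASA software before 8.3. The same two port mappings on ASA 8.3 and later, as an added example that is not part of the original thread; the object names WEB1 and WEB2 are hypothetical, and the interface names are taken from the reply:

```cisco
! Added example, not from the original thread.
! ASA 8.3+ object NAT: one network object per real server,
! each carrying its own static port translation.
object network WEB1
 host 192.168.1.1
 nat (dmz,Outside) static 200.10.10.1 service tcp 80 80
!
object network WEB2
 host 192.168.1.2
 nat (dmz,Outside) static 200.10.10.1 service tcp 90 90
!
! From 8.3 on, the interface ACL is matched against the real
! (post-NAT) address, so permit the DMZ hosts, not 200.10.10.1.
! Only the two published ports are opened, one per server.
access-list out-in extended permit tcp any host 192.168.1.1 eq 80
access-list out-in extended permit tcp any host 192.168.1.2 eq 90
access-group out-in in interface Outside
```

Copying the pre-8.3 ACL unchanged onto 8.3+ leaves both ports unreachable, because the permit entries would reference the mapped address 200.10.10.1 instead of the real server addresses.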
