Policy Nat on ASA

Unanswered Question
Aug 20th, 2008
User Badges:

I would like to configure multiple web servers on the DMZ using port 80. Can I use policy nat to translate a single Global IP Address to multiple Local IP Addresses? If yes, what is the proper commands for it?


Thanks,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dhananjoy chowdhury Wed, 08/20/2008 - 07:48
User Badges:
  • Silver, 250 points or more

Yes you can, but you need to use different ports, Suppose you want to have two URL's , one on port 80 and other on port 81 to the global ip A.B.C.D, then configure like this


static (inside,Outside) tcp A.B.C.D 80 192.168.1.10 80

static (inside,Outside) tcp A.B.C.D 81 192.168.1.20 80


access-list out-in permit tcp any host A.B.C.D eq 80

access-list out-in permit tcp any host A.B.C.D eq 81


access-group out-in in interface Outside

Actions

This Discussion