NAT static with ASA 5520

Answered Question
Dec 15th, 2008

Hi, all


I have the following situation.

The following static NAT rules:


static (inside, outside) tcp 200.200.200.200 80 10.0.0.200 80 netmask 255.255.255.255

static (inside, outside) tcp 200.200.200.200 8080 10.0.0.200 80 netmask 255.255.255.255


I would like to redirect all packets destined for ports 8080 and 80 of IP address 200.200.200.200 to the private IP address 10.0.0.200 on port 80.


I tried to do that, but the ASA says that there is already a rule. Is there some way it can be done?


regards.

Correct Answer
JORGE RODRIGUEZ Mon, 12/15/2008 - 17:59

I do not believe you can use port redirection using the same destination local IP on port 80 that way; the fw will give you duplicate static entries.


You could, however, work around it and give the 10.0.0.200 NIC a secondary IP address, i.e. 10.0.0.201, and do the static as follows.



static (inside,outside) tcp 200.200.200.200 8080 10.0.0.201 www netmask 255.255.255.255

static (inside,outside) tcp 200.200.200.200 80 10.0.0.200 80 netmask 255.255.255.255



See examples of port redirection:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml


regards
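
A pre-deployment check for the conflict discussed in this thread, added here as an example (not code from any poster or from Cisco): it flags static port-redirection lines that share the same real address and port, which the answer above says the firewall rejects as duplicate entries. The regex, function names and port-name table are assumptions of this example; policy-based `static ... access-list` lines are skipped.

```python
import re
from collections import defaultdict

# Port names the config may show instead of numbers (subset, assumed for this example).
PORT_NAMES = {"www": 80, "https": 443}

# static (real_if,mapped_if) proto mapped_ip mapped_port real_ip real_port netmask mask
STATIC_PAT = re.compile(
    r"static\s*\(\s*(\w+)\s*,\s*(\w+)\s*\)\s+(tcp|udp)\s+"
    r"(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+netmask\s+\S+"
)

# The two rule sets quoted in this thread.
QUESTION_RULES = """\
static (inside, outside) tcp 200.200.200.200 80 10.0.0.200 80 netmask 255.255.255.255
static (inside, outside) tcp 200.200.200.200 8080 10.0.0.200 80 netmask 255.255.255.255
"""
WORKAROUND_RULES = """\
static (inside,outside) tcp 200.200.200.200 8080 10.0.0.201 www netmask 255.255.255.255
static (inside,outside) tcp 200.200.200.200 80 10.0.0.200 80 netmask 255.255.255.255
"""

def to_port(token):
    # Numeric ports pass through; unknown names raise KeyError so they get noticed.
    return int(token) if token.isdigit() else PORT_NAMES[token.lower()]

def find_conflicts(config):
    """Map each real endpoint used by more than one static entry to its mapped ports."""
    seen = defaultdict(list)
    for line in config.splitlines():
        m = STATIC_PAT.fullmatch(line.strip())
        if not m:
            continue  # not a plain port-redirection static (e.g. policy static)
        real_if, mapped_if, proto, _mapped_ip, mapped_port, real_ip, real_port = m.groups()
        key = (real_if, mapped_if, proto, real_ip, to_port(real_port))
        seen[key].append(to_port(mapped_port))
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for name, rules in (("question", QUESTION_RULES), ("workaround", WORKAROUND_RULES)):
        print(name, find_conflicts(rules) or "no duplicate real endpoints")
```
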


r-barbosa Tue, 12/16/2008 - 12:06

Hi,


I found another solution with the help of Cisco TAC.


access-list policy1 permit tcp host 10.0.0.201 eq 80 any

access-list policy2 permit tcp host 10.0.0.201 eq 80 any

static (inside,outside) tcp 200.200.200.200 80 access-list policy1

static (inside,outside) tcp 200.200.200.200 8080 access-list policy2


regards
