Policy NAT

Unanswered Question
Jan 12th, 2009

Hi All,

I am trying to prepare for an exam and I'm a bit stuck with this scenario in my lab. Could someone help me with this? I'm trying to NAT one outside global IP address and TCP port to two different inside servers based on source IP address.

I have two user pools and and all users are set to use proxy server That proxy server was NATed on FWSM to, but now I want to split the load and want to NAT one user subnet ( to and second user subnet to

What I did is I've configured two access-lists:


access-list permit tcp host eq 8080 eq 8080


access-list permit tcp host eq 8080 eq 8080

I can apply one static:

static (inside,outside) tcp 8080 access-list ACL1

FWSM accepts this command, but when I try to apply the second static:

static (inside,outside) tcp 8080 access-list ACL2

I'm getting an error that the global is already used.

What am I doing wrong here?


sdoremus33 Thu, 01/15/2009 - 11:15

You can try these configs

Assuming that the src traffic is dst is

access-list Policy10 x.x.x.x y.y.y.y where x.x.x.x is the src/subnet and y.y.y.y is the dest

static (inside,outside) access-list Policy10

access-list Policy20 x.x.x.x y.y.y.y where x.x.x.x = src of traffic and y.y.y.y = dest of traffic

static (inside,outside) access-list Policy20

This means that xlate when the access-list triggers (src,dst) of traffic

