cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
494
Views
0
Helpful
6
Replies

ASA

jmcneal
Level 1
Level 1

Can anyone let me know if I can nat 1 external ip to 3 internal ips? I have a client who wants to remote in on 3 different boxes on 1 ip address using idfferent port numbers.

Thanks for any help.

6 Replies 6

JamesLuther
Level 3
Level 3

Hi,

This document shoud give you what you need

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml#t10

See the section called port redirection

Regards

Here is an example config

static (inside,outside) tcp 195.1.1.1 2001 10.1.1.1 ssh netmask 255.255.255.255

static (inside,outside) tcp 195.1.1.1 2002 10.1.1.2 ssh netmask 255.255.255.255

static (inside,outside) tcp 195.1.1.1 2003 10.1.1.3 ssh netmask 255.255.255.255

access-list in_on_outside permit tcp any host 195.1.1.1 range 2001 2003

Where 195.1.1.1 is external IP and 10.1.1.x is the internal IPs

Regards

Can you put ranges on this as well?

static (inside,outside) tcp 195.1.1.1 2001 10.1.1.1 ssh netmask 255.255.255.255

like 2001 - 2005

Hi,

I'm afraid you can't use a range on the static command.

Regards

Can I use a global outside command? For each of the 3 internal IP addresses I need to show ports

5631-5634, 1580-81, & 8081 - internal 1

5635-5638, 1582-83, & 8082 - internal 2

5639-5642, 1584-85, & 8083 - internal 3

Thanks,

Jeff

HEATH FREEL
Level 1
Level 1

Yes you can provided the internal hosts all require different port numbers.

See the following port redirection example.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml#t10

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: