Need to NAT single public IP to multiple internal IPs.
Outside:184.108.40.206/25 -> DMZ:192.168.1.10/25
Outside:220.127.116.11/443 -> Inside:192.168.2.10/443
Outside:18.104.22.168/1352 -> Inside:192.168.2.10/1352
Initially tried (via ASDM) static P/NAT from DMZ to Outside using Port Address Translation with port 25 both in and out.
Then adding static P/NAT from Inside to Outside using Port Address Translation for port 443.
Problem arises when I want to specify the third static P/NAT for port 1352, or when I leave PAT on for DMZ host, but turn it off for the Inside host.
The ultimate goal is for port 25 on the public IP to go to the DMZ host while 443 and 1352 get sent to the Inside host.
How can I accomplish this? It's OK to say the ASDM won't let you do this, but I won't be so happy to hear that the ASA cannot accomplish this knowing that there are a bunch of half-assed appliances out there that DO handle this.
Thanks for helping me out yet again!
Cisco ASA does support that. Please try from CLI.
static (dmz,outside) tcp 22.214.171.124 25 192.168.1.1 25
static (inside,outside) tcp 126.96.36.199 443 192.168.2.1 443
static (inside,outside) tcp 188.8.131.52 1352 192.168.2.1 1352
Also add these access-list entries to the outside interface access list.
access-list outside_in extended permit tcp any host 184.108.40.206 eq smtp
access-list outside_in extended permit tcp any host 220.127.116.11 eq https
access-list outside_in extended permit tcp any host 18.104.22.168 eq 1352
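An added check, not part of the thread: a short Python audit that compares the static PAT lines with the outside ACL permits and reports any published port without a permit, any permit without a translation behind it, and any permit that omits the port. The sample configuration and the address 203.0.113.10 are constructed, and the parser handles only the two line shapes shown in the answer.

```python
import re

# Constructed sample: 203.0.113.10 is a documentation address, not from the thread.
SAMPLE = """\
static (dmz,outside) tcp 203.0.113.10 25 192.168.1.10 25
static (inside,outside) tcp 203.0.113.10 443 192.168.2.10 443
static (inside,outside) tcp 203.0.113.10 1352 192.168.2.10 1352
access-list outside_in extended permit tcp any host 203.0.113.10 eq smtp
access-list outside_in extended permit tcp any host 203.0.113.10 eq https
access-list outside_in extended permit tcp any host 203.0.113.10 eq 8080
"""

PORT_NAMES = {"smtp": 25, "www": 80, "https": 443}  # ASA port keywords handled here
STATIC_RE = re.compile(r"static\s*\(\w+,\w+\)\s+(tcp|udp)\s+(\S+)\s+(\S+)\s+\S+\s+\S+")
ACL_RE = re.compile(r"access-list\s+\S+\s+extended\s+permit\s+(tcp|udp)\s+any\s+host\s+(\S+)"
                    r"(?:\s+eq\s+(\S+))?\s*$")

def port(token):
    """Map an ASA port keyword or number to an integer."""
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def audit(config):
    """Compare published static PAT ports with the outside ACL permits."""
    published, permits, broad, findings = set(), set(), set(), []
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            # (protocol, mapped public IP, mapped public port)
            published.add((m.group(1), m.group(2), port(m.group(3))))
        elif m := ACL_RE.match(line):
            if m.group(3) is None:  # no "eq <port>": every port on the host is open
                broad.add((m.group(1), m.group(2)))
                findings.append(f"permit without port: {line}")
            else:
                permits.add((m.group(1), m.group(2), port(m.group(3))))
    for rule in sorted(published - permits):
        if rule[:2] not in broad:  # a port-less permit already covers it
            findings.append(f"static PAT without permit: {rule}")
    for rule in sorted(permits - published):
        findings.append(f"permit without static PAT: {rule}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```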