Port forwarding on ASA5520/8.21

Sep 23rd, 2009


I have set up NAT/PAT on an ASA5520 and it's working properly. Right now, I have one webserver residing on the inside network and I want to forward 2 different IP addresses to this inside server on the same port, like below:

Outside IP address1:80 -> Inside IP address:80

Outside IP address2:80 -> Inside IP address:80

But ASA doesn't allow me to do that, it prompts "ERROR: duplicate of existing static".

Can anyone advise how to achieve it? TIA!

Overall Rating: 4.5 (2 ratings)
David Lin Wed, 09/23/2009 - 11:49

Jorge, thanks a lot.

The link instructs how to translate multiple IP addresses to a single IP address. It works fine.

But is there any way to do the port translation like I mentioned above?

I tried the command below but it didn't go.

static (inside,outside) tcp 8080 access-list Test ?

configure mode commands/options:
  <0-65535>    The maximum number of simultaneous tcp connections the local IP
               hosts are to allow, default is 0 which means unlimited
               connections. Idle connections are closed after the time
               specified by the timeout conn command
  dns          Use the created xlate to rewrite DNS address record
  netmask      Configure Netmask to apply to IP addresses
  norandomseq  Disable TCP sequence number randomization
  tcp          Configure TCP specific parameters
  udp          Configure UDP specific parameters

Certainly, I can set up the ACE to block other ports on that IP address translation instead.

Thank you.

JORGE RODRIGUEZ Wed, 09/23/2009 - 12:04

say local IP - and public IPs,

access-list policy1 permit tcp host eq 80 any

access-list policy2 permit tcp host eq 80 any

static (inside,outside) tcp 8080 access-list policy1

static (inside,outside) tcp 8080 access-list policy2

Is this what you're trying to do?


Made a couple of corrections - probably need to lab this one, but try it.


