Two nat - One Public IP

Answered Question
Oct 3rd, 2009

Hi,


I have one public IP address and want to NAT it with one DMZ address and one inside address.

DMZ address for SMTP (anyone from outside should be able to connect to the SMTP server)

Inside address for HTTP (anyone from the internet should be able to access the web server)


Is this possible?

jan.nielsen Sat, 10/03/2009 - 13:33

Certainly,


If your public address is the one assigned to your outside interface, this is how it's done.


static (inside,outside) tcp interface 80 web-server-ip 80 netmask 255.255.255.255

static (dmz,outside) tcp interface 25 mail-server-ip 25 netmask 255.255.255.255



dhananjoy chowdhury Sat, 10/03/2009 - 22:14

Also, in addition to the static NAT statements, you will have to allow TCP port 80 and port 25 on your OUTSIDE interface Access-List.

Amin Shaikh Sun, 10/04/2009 - 08:39

Can I do the same without using the ASA external (Outside) IP?


Assuming I have one free public IP.


Is a similar scenario documented in the Cisco documentation? Any help.


Correct Answer
Jon Marshall Sun, 10/04/2009 - 08:50

"Can I do the same without using the ASA external (Outside) IP?


Assuming I have one free public IP."


Yes, as long as the public IP address has been assigned to your company.


The static statements would change slightly, i.e.


assuming free public IP - 195.17.17.10


static (inside,outside) tcp 195.17.17.10 80 web-server-ip 80 netmask 255.255.255.255

static (dmz,outside) tcp 195.17.17.10 25 mail-server-ip 25 netmask 255.255.255.255


"Is a similar scenario documented in the Cisco documentation? Any help."


Pretty much any docs on ASA configuration will include this so a quick search "ASA configuration guides" would give you a list of docs to use.


Jon
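
The pieces from this thread put together, as an added example that is not from any of the posters: the two static PAT entries on the spare public address plus the outside ACL that the earlier reply says is also required. It uses the pre-8.3 ASA syntax of the thread; the ACL name OUTSIDE_IN is a hypothetical name, and web-server-ip and mail-server-ip are the thread's placeholders for the real server addresses.

```cisco
! Added example, pre-8.3 ASA syntax (same as the static commands in this thread).
! OUTSIDE_IN is a hypothetical ACL name; web-server-ip / mail-server-ip are
! placeholders for the real (private) server addresses.

! Port forwards on the spare public address 195.17.17.10
static (inside,outside) tcp 195.17.17.10 80 web-server-ip 80 netmask 255.255.255.255
static (dmz,outside) tcp 195.17.17.10 25 mail-server-ip 25 netmask 255.255.255.255

! Permit only the two forwarded services. Before 8.3 the ACL destination is
! the mapped (public) address, not the real server address.
access-list OUTSIDE_IN extended permit tcp any host 195.17.17.10 eq 80
access-list OUTSIDE_IN extended permit tcp any host 195.17.17.10 eq 25

! Bind the ACL inbound on the outside interface; all other inbound traffic
! falls through to the implicit deny at the end of the ACL.
access-group OUTSIDE_IN in interface outside

! Variant when the forwards use the outside interface address
! (static ... tcp interface 80 ... / static ... tcp interface 25 ...):
! access-list OUTSIDE_IN extended permit tcp any interface outside eq 80
! access-list OUTSIDE_IN extended permit tcp any interface outside eq 25
```

If an ACL is already bound inbound on the outside interface, add the two permit lines to that ACL instead, since `access-group` allows only one ACL per interface and direction.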
