cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
416
Views
0
Helpful
4
Replies

Two nat - One Public IP

Amin Shaikh
Level 1
Level 1

Hi,

I have one public Ip address and wants to nat with one DMZ address and one insdie address

DMZ address for smtp ( anyone from outside should be able to connect to smtp server)

Inside address for http ( anyone from internet should be able to access web-server )

Is this possible.

1 Accepted Solution

Accepted Solutions

"Can I do the same without using ASA external (Outside) IP.

Assuming I have one free public IP."

Yes, as long as the public IP address has been assigned to your company.

The static statements would change slightly ie.

assuming free public IP - 195.17.17.10

static (inside,outside) tcp 195.17.17.10 80 web-server-ip 80 netmask 255.255.255.255

static (dmz,outside) tcp 195.17.17.10 25 mail-server-ip 25 netmask 255.255.255.25

"Is similar scenario documented on cisco documentation. Any Help."

Pretty much any docs on ASA configuration will include this so a quick search "ASA configuration guides" would give you a list of docs to use.

Jon

View solution in original post

4 Replies 4

jan.nielsen
Level 7
Level 7

Certainly,

If your public address is the one assigned to your outside interface, this is how its done.

static (inside,outside) tcp interface 80 web-server-ip 80 netmask 255.255.255.255

static (dmz,outside) tcp interface 25 mail-server-ip 25 netmask 255.255.255.255

Also, in addition to the static NAT statements, you will have to allow TCP port 80 and port 25 on your OUTSIDE interface Access-List.

Can I do the same without using ASA external (Outside) IP.

Assuming I have one free public IP.

Is similar scenario documented on cisco documentation. Any Help.

"Can I do the same without using ASA external (Outside) IP.

Assuming I have one free public IP."

Yes, as long as the public IP address has been assigned to your company.

The static statements would change slightly ie.

assuming free public IP - 195.17.17.10

static (inside,outside) tcp 195.17.17.10 80 web-server-ip 80 netmask 255.255.255.255

static (dmz,outside) tcp 195.17.17.10 25 mail-server-ip 25 netmask 255.255.255.25

"Is similar scenario documented on cisco documentation. Any Help."

Pretty much any docs on ASA configuration will include this so a quick search "ASA configuration guides" would give you a list of docs to use.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: