NAT internal router across ASA

Unanswered Question
Oct 16th, 2009
User Badges:

We have an internal router in our network with three hosts behind it. I need to know how to NAT an external IP address across our ASA - in essence to allow remote access to each host in turn behind the internal router. Is this possible? I've done single NATs to a single internal host, but haven't a clue how to do this with the internal router IP providing access to multiple hosts.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
acomiskey Fri, 10/16/2009 - 10:53
User Badges:
  • Green, 3000 points or more

I think this is what you're asking for...

static (inside,outside) external.ip.1 host.ip.1 netmask

static (inside,outside) external.ip.2 host.ip.2 netmask

static (inside,outside) external.ip.2 host.ip.2 netmask

Then just make sure the ASA has a route to the host network.

route inside mask router.ip

iholdings Fri, 10/16/2009 - 11:30
User Badges:

The internal network is defined as The router is assigned an IP from this network. The hosts behind the router are network 192.168.x.x/24 (creating a private network within the local subnet).

What you suggest appears to be individual NATs for each of the three hosts. What I need is to NAT just the router IP - but through that single NAT - provide remote access to each host behind the router. It seems this could be done, but I'm not sure how to configure the ASA and/or the router for this set-up. Thanks.

acomiskey Fri, 10/16/2009 - 11:35
User Badges:
  • Green, 3000 points or more

You could do that easily with different ports.

static (inside,outside) tcp x.x.x.x port1 192.168.x.x port1 netmask

static (inside,outside) tcp x.x.x.x port2 192.168.x.x port2 netmask

static (inside,outside) tcp x.x.x.x port3 192.168.x.x port3 netmask


This Discussion