10-16-2009 10:32 AM - edited 03-11-2019 09:26 AM
We have an internal router in our network with three hosts behind it. I need to know how to NAT an external IP address across our ASA - in essence to allow remote access to each host in turn behind the internal router. Is this possible? I've done single NATs to a single internal host, but haven't a clue how to do this with the internal router IP providing access to multiple hosts.
Thanks
10-16-2009 10:53 AM
I think this is what you're asking for...
static (inside,outside) external.ip.1 host.ip.1 netmask 255.255.255.255
static (inside,outside) external.ip.2 host.ip.2 netmask 255.255.255.255
static (inside,outside) external.ip.2 host.ip.2 netmask 255.255.255.255
Then just make sure the ASA has a route to the host network.
route inside host.network.ip mask router.ip
10-16-2009 11:30 AM
The internal network is defined as 172.16.0.0/16. The router is assigned an IP from this network. The hosts behind the router are network 192.168.x.x/24 (creating a private network within the local subnet).
What you suggest appears to be individual NATs for each of the three hosts. What I need is to NAT just the router IP - but through that single NAT - provide remote access to each host behind the router. It seems this could be done, but I'm not sure how to configure the ASA and/or the router for this set-up. Thanks.
10-16-2009 11:35 AM
You could do that easily with different ports.
static (inside,outside) tcp x.x.x.x port1 192.168.x.x port1 netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x port2 192.168.x.x port2 netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x port3 192.168.x.x port3 netmask 255.255.255.255
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide