NAT internal router across ASA

iholdings · ‎10-16-2009

We have an internal router in our network with three hosts behind it. I need to know how to NAT an external IP address across our ASA - in essence to allow remote access to each host in turn behind the internal router. Is this possible? I've done single NATs to a single internal host, but haven't a clue how to do this with the internal router IP providing access to multiple hosts.

Thanks

acomiskey · ‎10-16-2009

I think this is what you're asking for...

static (inside,outside) external.ip.1 host.ip.1 netmask 255.255.255.255

static (inside,outside) external.ip.2 host.ip.2 netmask 255.255.255.255

Then just make sure the ASA has a route to the host network.

route inside host.network.ip mask router.ip

iholdings · ‎10-16-2009

The internal network is defined as 172.16.0.0/16. The router is assigned an IP from this network. The hosts behind the router are network 192.168.x.x/24 (creating a private network within the local subnet).

What you suggest appears to be individual NATs for each of the three hosts. What I need is to NAT just the router IP - but through that single NAT - provide remote access to each host behind the router. It seems this could be done, but I'm not sure how to configure the ASA and/or the router for this set-up. Thanks.

acomiskey · ‎10-16-2009

You could do that easily with different ports.

static (inside,outside) tcp x.x.x.x port1 192.168.x.x port1 netmask 255.255.255.255

static (inside,outside) tcp x.x.x.x port2 192.168.x.x port2 netmask 255.255.255.255

static (inside,outside) tcp x.x.x.x port3 192.168.x.x port3 netmask 255.255.255.255