URGENT - static NAT using multiple external address

Unanswered Question
Nov 10th, 2009
User Badges:


I have a question about Static NAT.

My client use a Linux Firewall for Connection partners using L2L (about 70). He bought two 5520 to replace the current Linux Firewall. I conducted a survey of access rules for migration of the firewall and I have problems with some rules for nat statico. Today many clients connect to an external address static nat configured in Firewall for port redirection, but this by using multiple outside addresses to the same address inside. As we know there is a limitation to this configuration when using NAT on the ASA / PIX. Next example below:

static (inside,outside) tcp 80 netmask 80

static (inside,outside) tcp 80 netmask 80

Have any tips on how I can treat this type of NAT?

The client is even thinking about rolling back the purchase of Cisco ASA due to this limitation.

Can you help?

Thank you very much !!



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Panos Kampanakis Tue, 11/10/2009 - 12:04
User Badges:
  • Cisco Employee,


That cannot be implemented on an ASA. With statics, or even policy statics it won't work. The ASA will complain about mapped address conflicts.

The question would be why do you want to do that?


rubens.palhoni Tue, 11/10/2009 - 12:18
User Badges:

Hi PK,

Exactly right. I know that conflicts, but the client is very moroless because it uses a Linux configuration that accomplishe this without major problems. Posted this case here, to verify together if

can find a solution rsrsrsr ...

Panos Kampanakis Wed, 11/11/2009 - 08:41
User Badges:
  • Cisco Employee,

vikram's solution will still not work. The ASA will give an error.

It cannot be done.



This Discussion