Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
570
Views
0
Helpful
4
Replies

outside NAT

donnie
Level 1
Level 1

‎06-18-2010 03:43 AM - edited ‎03-11-2019 11:01 AM

Hi all,

How do i configure outside NAT such that my external public ip is map to one of my  dmz private ip.

What i want is when any address on the internet connects to my public ip on a certain port it will translate to my dmz ip which my server is using.

I am using asdm to configure my cisco asa 5510 firewall. I did a NAT for my source public ip to be translated to my dmz ip. I then set an accesslist to allow any incoming ip on a specific port to access the public ip i configure for outside NAT. But it didnt work. Pls advise. Thks in advance.

Labels:
0 Helpful
4 Replies 4

Jennifer Halim
Cisco Employee
Cisco Employee

‎06-18-2010 05:31 AM

With CLI:

static (DMZ,outside) netmask 255.255.255.255

With ASDM:

Configuration --> Firewall --> NAT Rules --> Add Static NAT rule -->

Original interface: DMZ

Source: dmz-private-ip

Translated interface: outside

Use IP Address: external-public-ip

Then click: OK, and apply.

Access-list applied on the outside interface should allow traffic from "any" towards the external public ip on certain tcp/udp ports.

Hope that helps.

0 Helpful

donnie
Level 1
Level 1
In response to Jennifer Halim

‎06-19-2010 10:13 PM

Hi Halijenn,

Thk you for your prompt response. I know of the steps required for NAT stated in your reply. What i am looking for is when any internet ip access my public ip eg 203.x.x.10 and 203.x.x.11 it will automatically translate to my 1 private ip eg 192.168.10.1. We use to have 2 private ip(192.168.10.1, 192.168.10.2) translate to the 2 public ip stated above, but we have merge the 2 servers into 1.

We would like to continue to use the 2 public ip so that it is a transparent transition for our external customers. Thks in advance.

0 Helpful

gatlin007
Level 4
Level 4
In response to donnie

‎06-20-2010 08:40 AM

Don,


I'm not sure if this approach is supported but I've used something like this in the past when migrating external addresses; proceed at your own risk.


access-list tango permit ip any host 192.168.10.1 any

static (dmz,outside) 203.x.x.10 192.168.10.1
static (dmz,outside) 203.x.x.11 access-list tango




Chris

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to donnie

‎06-20-2010 06:42 PM

Unfortunately you can't translate 2 public ip addresses to just 1 private ip address as it is not supported.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card