07-29-2010 04:45 AM - edited 03-11-2019 11:18 AM
HI
I want to configure two natting statment with my sinlge local IP for my mail Server. Is it possible to create another router with same local ip for another extenal IP. I am using ASA 5505.
Right now I have
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.49 netmask 255.255.255.255
static (inside,outside) yyy.yyy.yyy.yyy 192.168.12.49 netmask 255.255.255.255 ( I want to do like this)
Thanks
Amardeep Rana
07-29-2010 05:01 AM
No. I think it will complain about duplicate entries to the first static when u try to enter the second static command.
07-29-2010 05:18 AM
this will not be possible you can map ports if you have specific example
for example
static (inside,outside) tcp xxx.xxx.xxx.xxx 25 192.168.12.49 25 netmask 255.255.255.255
static (inside,outside) tcp yyy.yyy.yyy.yyy 22 192.168.12.49 22 netmask 255.255.255.255
but just curious, wouldnt your server complain of ip conflict in your internal network as 2 devices have the same ip
07-29-2010 05:25 AM
HI
I have only one server with local ip of 192.168.12.49. But I want to create two nat route with this and I get the error of
duplicity..
Thanks
Amardeep Rana
07-29-2010 05:26 AM
HI
Yes , You are right , this is giving me same error og duplcity.
So you mean , I am not able to map single local IP to my another two external IP.
Any Idea , I can do it..
Thanks
Amardeep Rana
07-29-2010 05:30 AM
as i said the only option is static pat wherein you can map specific ports
the reason is simple when the server is sending a packet out it will not know which public ip to use
can you elaborate more on what service this host is running
whether the 2 ip's need to be translated on the same interface
why exactly do you need to translate it to 2 ip's unless the server is running 2 services
07-29-2010 05:38 AM
HI
This is my mail server.And I want to put it up everytime. Some time what happens my primary ISP goes down so I have to roll over on Backup iSP. So I want to map the same server on two ISP external IP. So that server can be up everytime.
Thanks
Amardeep Rana
07-29-2010 05:47 AM
Hello,
Are both your ISP's connected to same outside interface? If yes, my earlier
post has the configuration example that will achieve what you are looking
for. If they are on different interface of the firewall, then you need not
have to worry about duplicate entries and just configure normal static NAT.
static (inside,ISP1) xxx.xxx.xxx.xxx 192.168.12.49 netmask 255.255.255.255
static (inside,ISP2) yyy.yyy.yyy.yyy 192.168.12.49 netmask 255.255.255.255
The firewall will choose the static based on the outgoing interface.
Hope this helps.
Regards,
NT
07-30-2010 01:32 AM
HI Nagaraja Thanthry,,
I think your answer worked for me and I was able to make two route. But As I created second route, My internet stop working.
static (inside,ISP2) yyy.yyy.yyy.yyy 192.168.12.49 netmask 255.255.255.255 , As I put this command, My first entry stop working, Internet was not working on the same server which IP I am using for two routes. To resolve the issue I have to remove both of the entry from ASA and map another IP to my mail server and after it start running. 192.168.12.49 server stop
running after my sesond static command.
I tried clear xlate but in vain.
Please suggest
Thanks
07-29-2010 05:47 AM
if you have 2 isp's then i would assume you have 2 interfaces as well connected to internet
the above doc shows how the ideal scenario is for dual isp
07-29-2010 05:41 AM
Hello,
You can use policy-nat.
access-list PNAT1 permit ip host 192.168.12.49 any
access-list PNAT2 permit ip host 192.168.12.49 any
static (inside,outside) xxx.xxx.xxx.xxx access-list PNAT1
static (inside,outside) yyy.yyy.yyy.yyy access-list PNAT2
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807d2874.shtml
Hope this helps.
Regards,
NT
07-29-2010 05:52 AM
HI
Let me try with this configration. I will update it soon.
Thanks
Amardeep Rana
07-30-2010 07:07 AM
HI
I have a A records on Godaddy for my some of the servers. I have created natting lcoal IP to external IP and I access those servers via Name. What I have made some change on ASA 5505 after that none of the IP was pinging outside. I have to change all of my static routes to different IPs. after they are runnging. Is there any issue second ISP router can create. What is roll of Xlate . Please suggest , I dont have much IP in my Pool. Please help
Thanks
Amardeep K
07-30-2010 07:14 AM
Hello,
Can you please post the output of "show run interface", "show run static", and "show run route" here? You can sanitize your IP addresses if you like.
Regards,
NT
07-30-2010 07:23 AM
HI
Output of these three Commands
ciscoasa(config)# sh run interface
!
interface Vlan1
nameif inside
security-level 100
ip address Local IP 255.255.254.0
!
interface Vlan2
nameif outside
security-level 0
ip address Extrenal 255.255.255.224
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
switchport access vlan 3
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
switchport access vlan 22
sh run static
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.62 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.59 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.100 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.41 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.49 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx exchange01 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.65 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.19 netmask 255.255.255.255
( I have to recreate all static again , AS I was not able to access them after Daul ISP setup Or after putting this command
static (inside,ISP2) yyy.yyy.yyy.yyy 192.168.12.49 netmask 255.255.255.255.
show run route
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1 track 1
Thanks
Amardeep Rana
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: