Natting

Amardeep Kumar
Level 1

Hi,

I want to configure two NAT statements with my single local IP for my mail server. Is it possible to create another router with the same local IP for another external IP? I am using an ASA 5505.

Right now I have


static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.49 netmask 255.255.255.255


static (inside,outside) yyy.yyy.yyy.yyy  192.168.12.49 netmask 255.255.255.255  ( I want to do like this)

Thanks

Amardeep Rana


rahgovin
Level 4

No. I think it will complain about duplicate entries to the first static when you try to enter the second static command.

This will not be possible. You can map ports if you have a specific example.

For example:

static (inside,outside) tcp xxx.xxx.xxx.xxx 25 192.168.12.49 25 netmask 255.255.255.255
static (inside,outside) tcp yyy.yyy.yyy.yyy  22 192.168.12.49 22 netmask 255.255.255.255

But just curious, wouldn't your server complain of an IP conflict in your internal network, as 2 devices have the same IP?

Hi,

I have only one server with a local IP of 192.168.12.49, but I want to create two NAT routes with this and I get the error of duplicity.

Thanks

Amardeep Rana

Hi,

Yes, you are right, this is giving me the same error of duplicity.

So you mean I am not able to map a single local IP to my other two external IPs.

Any idea how I can do it?

Thanks

Amardeep Rana

As I said, the only option is static PAT, wherein you can map specific ports.

The reason is simple: when the server is sending a packet out, it will not know which public IP to use.

Can you elaborate more on what service this host is running,

whether the 2 IPs need to be translated on the same interface,

and why exactly you need to translate it to 2 IPs unless the server is running 2 services?

Hi,

This is my mail server, and I want it to be up every time. Sometimes my primary ISP goes down, so I have to roll over to the backup ISP. So I want to map the same server to two ISP external IPs, so that the server can be up every time.

Thanks

Amardeep Rana

Hello,

Are both your ISPs connected to the same outside interface? If yes, my earlier post has the configuration example that will achieve what you are looking for. If they are on different interfaces of the firewall, then you need not have to worry about duplicate entries and just configure normal static NAT.

static (inside,ISP1) xxx.xxx.xxx.xxx 192.168.12.49 netmask 255.255.255.255

static (inside,ISP2) yyy.yyy.yyy.yyy 192.168.12.49 netmask 255.255.255.255

The firewall will choose the static based on the outgoing interface.

Hope this helps.

Regards,

NT
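The two rules given in the replies above (the same local IP cannot be mapped twice on one interface pair, while static PAT entries on different ports or statics on different interface pairs do not collide) can be checked offline before pasting a config into the firewall. The following is an added example, not code from the thread or from Cisco; the addresses are constructed documentation values, `parse_static` and `lint` are hypothetical helper names, and the check only models the behaviour described in this thread for the pre-8.3 `static` syntax. It also flags a `static` that names an interface with no `nameif` in the same config.

```python
from collections import defaultdict, namedtuple

Static = namedtuple("Static", "real_if mapped_if proto mapped_ip real_ip real_port")

# Constructed sample (RFC 5737 documentation addresses), pre-8.3 syntax as in the thread.
SAMPLE = """\
interface Vlan1
 nameif inside
interface Vlan2
 nameif outside
static (inside,outside) 203.0.113.10 192.168.12.49 netmask 255.255.255.255
static (inside,outside) 198.51.100.10 192.168.12.49 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.11 25 192.168.12.62 25 netmask 255.255.255.255
static (inside,outside) tcp 198.51.100.11 22 192.168.12.62 22 netmask 255.255.255.255
static (inside,ISP2) 198.51.100.12 192.168.12.59 netmask 255.255.255.255
"""

def parse_static(line):
    """Parse 'static (real_if,mapped_if) [tcp|udp] mapped [port] real [port] netmask M'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "static" or "access-list" in tok:
        return None  # not a static, or policy NAT (not modelled here)
    real_if, _, mapped_if = tok[1].strip("()").partition(",")
    rest = tok[2:tok.index("netmask")] if "netmask" in tok else tok[2:]
    if len(rest) == 5 and rest[0] in ("tcp", "udp"):   # static PAT
        return Static(real_if, mapped_if, rest[0], rest[1], rest[3], rest[4])
    if len(rest) == 2:                                  # one-to-one static NAT
        return Static(real_if, mapped_if, None, rest[0], rest[1], None)
    return None

def lint(config):
    """Return findings as (kind, subject, detail) tuples."""
    nameifs, statics, mapped = set(), [], defaultdict(set)
    for line in map(str.strip, config.splitlines()):
        if line.startswith("nameif "):
            nameifs.add(line.split()[1])
        s = parse_static(line)
        if s:
            statics.append(s)
            # Same real host (and port, for PAT) on the same interface pair.
            mapped[(s.real_if, s.mapped_if, s.real_ip, s.proto, s.real_port)].add(s.mapped_ip)
    findings = [("duplicate", k[2], sorted(v)) for k, v in mapped.items() if len(v) > 1]
    for s in statics:
        for ifname in (s.real_if, s.mapped_if):
            if ifname not in nameifs:
                findings.append(("undefined-interface", ifname, s.real_ip))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

On the sample, the two port-specific entries for 192.168.12.62 pass, the double mapping of 192.168.12.49 is reported, and the `ISP2` static is reported because no interface carries that name.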

Hi Nagaraja Thanthry,

I think your answer worked for me and I was able to make two routes. But as I created the second route, my internet stopped working.

static (inside,ISP2) yyy.yyy.yyy.yyy 192.168.12.49 netmask 255.255.255.255

As I put in this command, my first entry stopped working. Internet was not working on the same server whose IP I am using for two routes. To resolve the issue I had to remove both of the entries from the ASA and map another IP to my mail server, and after that it started running. The 192.168.12.49 server stopped running after my second static command.

I tried clear xlate, but in vain.

Please suggest

Thanks

If you have 2 ISPs then I would assume you have 2 interfaces as well connected to the internet.

http://www.cisco.biz/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

The above doc shows what the ideal scenario is for dual ISP.

Hello,

You can use policy-nat.

access-list PNAT1 permit ip host 192.168.12.49 any

access-list PNAT2 permit ip host 192.168.12.49 any

static (inside,outside) xxx.xxx.xxx.xxx access-list PNAT1

static (inside,outside) yyy.yyy.yyy.yyy access-list PNAT2

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807d2874.shtml

Hope this helps.

Regards,

NT

Hi,

Let me try with this configuration. I will update it soon.

Thanks

Amardeep Rana

Hi,

I have A records on GoDaddy for some of my servers. I have created NAT from local IP to external IP and I access those servers via name. I made some changes on the ASA 5505, and after that none of the IPs was pinging outside. I had to change all of my static routes to different IPs; after that they are running. Is there any issue the second ISP router can create? What is the role of xlate? Please suggest; I don't have many IPs in my pool. Please help.

Thanks

Amardeep K

Hello,

Can you please post the output of "show run interface", "show run static", and "show run route" here? You can sanitize your IP addresses if you like.

Regards,

NT

HI

Output of these three Commands

ciscoasa(config)# sh run interface

!

interface Vlan1

nameif inside

security-level 100

ip address Local IP 255.255.254.0

!

interface Vlan2

nameif outside

security-level 0

ip address Extrenal 255.255.255.224

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

switchport access vlan 3

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

switchport access vlan 22

sh run static

static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.62 netmask 255.255.255.255

static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.59 netmask 255.255.255.255

static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.100 netmask 255.255.255.255

static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.41 netmask 255.255.255.255

static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.49 netmask 255.255.255.255

static (inside,outside) xxx.xxx.xxx.xxx exchange01 netmask 255.255.255.255

static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.65 netmask 255.255.255.255

static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.19 netmask 255.255.255.255 

(I had to recreate all the statics again, as I was not able to access them after the dual ISP setup, or after putting in this command:

static (inside,ISP2) yyy.yyy.yyy.yyy 192.168.12.49 netmask 255.255.255.255)

show run route

route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1 track 1

Thanks

Amardeep Rana
