
ASA - Policy NAT

ttran
Level 1

Hello all,

I am trying to find out if it is possible to do the following:

I have a server in the DMZ: 172.17.1.100 /24 and a server in the inside: 172.20.1.200 /24. Both will have the same NAT IP address outside: 1.1.1.200. This can be done using policy NAT (I think; I have not done it yet).

Let's say the above policy NAT is implemented. The real questions here are:

1. If outside users connect to 1.1.1.200, which server will the outside users connect to?

2. Is it possible for the outside user to connect to 1.1.1.200 and have this redirect to the DMZ server 172.17.1.100 instead of the inside server 172.20.1.200?

This is still in planning mode so no actual configuration has been done.

Thank you.

2 Replies

Nagaraja Thanthry
Cisco Employee

Hello,

Unfortunately, you cannot do policy NAT for multiple inside IPs and one public IP. You do need to find a way to differentiate the traffic on the outside interface. You can use different ports for different servers. But you cannot have both devices advertise their services using the same public IP and same port.

Regards,

NT

Thank you for your response NT. I will work on a different solution.
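
The rule in NT's reply (one public IP and port can map to only one real server) can be checked before a change is pushed. The following is an added example, not part of the thread or any Cisco tool: a small Python audit that parses pre-8.3 `static` statements and flags two real hosts claiming the same public IP and port. The interface names `dmz`, `inside`, `outside`, the ports 80 and 8080, and both sample configurations are assumptions built around the thread's addresses.

```python
import re
from itertools import combinations

# Pre-8.3 ASA syntax:
#   static (real_ifc,mapped_ifc) [tcp|udp] mapped_ip [mapped_port] real_ip [real_port] ...
STATIC_RE = re.compile(
    r"^static \((?P<real_if>\w+),(?P<map_if>\w+)\) "
    r"(?:(?P<proto>tcp|udp) (?P<map_ip>\S+) (?P<map_port>\S+) (?P<real_ip>\S+) (?P<real_port>\S+)"
    r"|(?P<map_ip2>\S+) (?P<real_ip2>\S+))"
)

def parse_statics(config):
    """Return one dict per static line; proto/port are None for a one-to-one static NAT."""
    rules = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        rules.append({
            "map_if": m["map_if"],
            "map_ip": m["map_ip"] or m["map_ip2"],
            "proto": m["proto"],
            "port": m["map_port"],  # compared as text, so "www" and "80" are not equated
            "real": (m["real_if"], m["real_ip"] or m["real_ip2"]),
        })
    return rules

def overlaps(a, b):
    """True when two rules for different real hosts claim the same public IP and port."""
    if (a["map_if"], a["map_ip"]) != (b["map_if"], b["map_ip"]) or a["real"] == b["real"]:
        return False
    if a["proto"] is None or b["proto"] is None:  # one-to-one static claims every port
        return True
    return (a["proto"], a["port"]) == (b["proto"], b["port"])

def find_conflicts(config):
    """List pairs of real hosts whose static translations collide on the mapped side."""
    return [(a["real"], b["real"])
            for a, b in combinations(parse_statics(config), 2) if overlaps(a, b)]

# Constructed samples: the design as asked, then one public port per server.
AS_ASKED = """
static (dmz,outside) 1.1.1.200 172.17.1.100 netmask 255.255.255.255
static (inside,outside) 1.1.1.200 172.20.1.200 netmask 255.255.255.255
"""
PER_PORT = """
static (dmz,outside) tcp 1.1.1.200 80 172.17.1.100 80 netmask 255.255.255.255
static (inside,outside) tcp 1.1.1.200 8080 172.20.1.200 80 netmask 255.255.255.255
"""

if __name__ == "__main__":
    print("as asked:", find_conflicts(AS_ASKED))
    print("per port:", find_conflicts(PER_PORT))
```

Splitting the servers across ports also means the outside access list has to permit each published port separately, which keeps the exposure of the inside server explicit.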
