Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
842
Views
0
Helpful
3
Replies

5505 7.2(4) - PAT Multiple to one inside.

Go to solution
r_drogerson
Level 1
Level 1

‎02-02-2012 03:54 AM - edited ‎03-11-2019 03:23 PM

Hi Guys,

I have a 5505 IOS V7.2(4).

I am trying to add 2 static PATs using 2 external IPs to a single internal IP.

This is what we have in place already and is working fine:

static (inside,outside) tcp 77.xx.xx.206 www 10.xx.xx.2 www netmask 255.255.255.255

static (inside,outside) tcp 77.xx.xx.206 https 10.xx.xx.2 https netmask 255.255.255.255

I am wanting to add another external IP to this and PAT it to the same internal destination, so the outcome should be:

static (inside,outside) tcp 77.xx.xx.206 www 10.xx.xx.2 www netmask 255.255.255.255

static (inside,outside) tcp 77.xx.xx.206 https 10.xx.xx.2 https netmask 255.255.255.255

static (inside,outside) tcp 77.xx.xx.205 www 10.xx.xx.2 www netmask 255.255.255.255

static (inside,outside) tcp 77.xx.xx.205 https 10.xx.xx.2 https netmask 255.255.255.255

10.xx.xx.2 is a VIP running on a par of NetScalers.

I know it possible on the 8.3 IOS to have a One -to- Many Static NAT.

Does anyone Know if it’s possible or how to correctly configure this? As when I try applying the config it errors (ERROR: duplicate of existing static).

Regards

Dale

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎02-02-2012 11:13 AM

Hello Dale,

Lets trick the ASA:

Acess-list test1 permit tcp host 10.xx.xx.2 eq 80 any

static (inside,outside) 77.xx.xx.205 access-list test1

static (inside,outside) tcp 77.xx.xx.206 https 10.xx.xx.2 http

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎02-02-2012 11:13 AM

Hello Dale,

Lets trick the ASA:

Acess-list test1 permit tcp host 10.xx.xx.2 eq 80 any

static (inside,outside) 77.xx.xx.205 access-list test1

static (inside,outside) tcp 77.xx.xx.206 https 10.xx.xx.2 http

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
r_drogerson
Level 1
Level 1
In response to Julio Carvajal

‎05-14-2012 08:21 AM

Hi Julio,

Sorry for the not responding sooner, your fix worked a charm.

Dale

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to r_drogerson

‎05-14-2012 10:08 AM

Hello Dale,

My pleasure, Glad I could help.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card