cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
222
Views
0
Helpful
2
Replies

Three FTP batch servers NATTED to a single Public on an ASA

Justin Westover
Level 1
Level 1

We currently have three batch servers that send batch files out to customers, we don't accept connections inbound (no connections initiated from the customer to us). Currently those batch servers pass through an old Cisco CSS (content services switch) and when it does it basically NATs those three source IPs into a single IP (172.31.2.4). On the ASA there's a static NAT that NATs that single IP to a public IP, no big deal so far and this all works for active and passive FTP connections. 

 

Now we want to remove those old CSSs so the batch servers would pass through the network to the external firewalls without being NATTED  (unlike what is happening today when they are NATTED to 172.31.2.4). I want to know if I create a dynamic (PAT) nat on the ASA to take those three batch server IP addresses and NAT them to a single IP, does anything see a problem with that? Will Active and Passive FTP continue to work? I assume it will. I believe a static NAT would not work in this scenario and that I would need to use dynamic (PAT). Thoughts?   

2 Replies 2

Vibhor Amrodia
Cisco Employee
Cisco Employee

Hi,

So , If i understand it correctly , this was the setup with CSS in place:-

Three IP >> CSS >> 1 IP >>>ASA >> Public IP

Now ,

Three IP >> ASA >> Public IP

Now , as the Server is behind the ASA device you would need a separate Static PAT/Static NAT for each IP for the servers to get it to work.

Please let me know if you have any queries.

Thanks and Regards,

Vibhor Amrodia

Does that mean I also need a separate public ip for each now also? Or simply just a separate static nat for each source IP to the same public IP? 

Example:

Nat (inside,outside) 1 source static object-172.16.1.1 public-ip01

Nat (inside,outside) 2 source static object-172.16.1.2 public-ip01

Nat (inside,outside) 3 source static object-172.16.1.3 public-ip01

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: