06-27-2017 02:16 AM - edited 03-12-2019 02:37 AM
Hi All,
I have an ASA 5505 on code asa916-k8 (new code). In the DMZ, I have two servers: a spam filter and an email server - 10.10.10.7 and 10.10.10.2 respectively. The requirement from management is that both servers need to have the same public IP - 138.xxx.xx.150 - and be accessed from the outside based on TCP source port:
1. When traffic from internet comes into ASA & hits server IP 138.xxx.xx.150 on port 25, PAT to 10.10.10.7 port 25
2. When traffic from internet comes into ASA & hits server IP 138.xxx.xx.150 on port 225, PAT to 10.10.10.2 port 25
3. When traffic from internet comes into ASA & hits server IP 138.xxx.xx.150 on port 80, PAT to 10.10.10.2 port 80
4. When traffic from internet comes into ASA & hits server IP 138.xxx.xx.150 on port 443, PAT to 10.10.10.2 port 443
How can I arrange my NAT statements to accommodate this on asa916 code? Tried for 4-5 hours unsuccessfully last night.
06-27-2017 06:18 AM
Hi Dean,
Please configure the following NAT rules and allow traffic as mentioned below:
object network OBJ-10.10.10.7-25
 host 10.10.10.7
 nat (DMZ,OUTSIDE) static 138.xxx.xx.150 service tcp 25 25
!
object network OBJ-10.10.10.2-25
 host 10.10.10.2
 nat (DMZ,OUTSIDE) static 138.xxx.xx.150 service tcp 25 225
!
object network OBJ-10.10.10.2-80
 host 10.10.10.2
 nat (DMZ,OUTSIDE) static 138.xxx.xx.150 service tcp 80 80
!
object network OBJ-10.10.10.2-443
 host 10.10.10.2
 nat (DMZ,OUTSIDE) static 138.xxx.xx.150 service tcp 443 443
!
Allow destination TCP port 25, 80 and 443 for IP 10.10.10.2. Also allow destination TCP port 25 for IP 10.10.10.7.
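The permit rules described in the reply above, written out as ASA configuration with a verification step (an added example, not part of the original reply). The ACL name OUTSIDE_IN and the test source address 203.0.113.10 are assumptions; on this code version the interface ACL matches the real (post-NAT) address and port, so the mapped port 225 never appears in it.

```cisco
! Added example. OUTSIDE_IN is an assumed ACL name; if an ACL is already
! bound inbound on OUTSIDE, add these lines to that ACL instead, because an
! interface takes only one ACL per direction.
!
! Spam filter: public 138.xxx.xx.150:25 -> 10.10.10.7:25
access-list OUTSIDE_IN extended permit tcp any host 10.10.10.7 eq 25
!
! Mail server: public 138.xxx.xx.150:225 -> 10.10.10.2:25
! The ACL names real port 25, not 225. This line is what lets outside hosts
! reach the mail server's SMTP service without passing the spam filter, so
! replace "any" with the known sender addresses if the requirement allows it.
access-list OUTSIDE_IN extended permit tcp any host 10.10.10.2 eq 25
!
! Mail server web access: public :80 and :443 -> 10.10.10.2:80 and :443
access-list OUTSIDE_IN extended permit tcp any host 10.10.10.2 eq 80
access-list OUTSIDE_IN extended permit tcp any host 10.10.10.2 eq 443
!
access-group OUTSIDE_IN in interface OUTSIDE
!
! Verification (203.0.113.10 and source port 40000 are constructed test values;
! substitute the full public address for the masked 138.xxx.xx.150).
! The UN-NAT phase should show the translation to 10.10.10.2/25 and the
! ACCESS-LIST phase should show the permit above.
packet-tracer input OUTSIDE tcp 203.0.113.10 40000 138.xxx.xx.150 225
!
! The same check for the spam filter path; expect untranslation to 10.10.10.7/25.
packet-tracer input OUTSIDE tcp 203.0.113.10 40000 138.xxx.xx.150 25
!
! Confirm the four object NAT rules are installed and watch their hit counts.
show nat detail
show xlate
```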
06-27-2017 12:33 PM
Works great. Thank you very much.