Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

5505 7.2(4) - PAT Multiple to one inside.

Hi Guys,

I have a 5505 IOS V7.2(4).

I am trying to add 2 static PATs using 2 external IPs to a single internal IP.

This is what we have in place already and is working fine:

static (inside,outside) tcp 77.xx.xx.206 www 10.xx.xx.2 www netmask 255.255.255.255

static (inside,outside) tcp 77.xx.xx.206 https 10.xx.xx.2 https netmask 255.255.255.255

I am wanting to add another external IP to this and PAT it to the same internal destination, so the outcome should be:

static (inside,outside) tcp 77.xx.xx.206 www 10.xx.xx.2 www netmask 255.255.255.255

static (inside,outside) tcp 77.xx.xx.206 https 10.xx.xx.2 https netmask 255.255.255.255

static (inside,outside) tcp 77.xx.xx.205 www 10.xx.xx.2 www netmask 255.255.255.255

static (inside,outside) tcp 77.xx.xx.205 https 10.xx.xx.2 https netmask 255.255.255.255

10.xx.xx.2 is a VIP running on a par of NetScalers.

I know it possible on the 8.3 IOS to have a One -to- Many Static NAT.

Does anyone Know if it’s possible or how to correctly configure this? As when I try applying the config it errors (ERROR: duplicate of existing static).

Regards

Dale

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions

5505 7.2(4) - PAT Multiple to one inside.

Hello Dale,

Lets trick the ASA:

Acess-list test1 permit tcp host 10.xx.xx.2 eq 80 any

static (inside,outside) 77.xx.xx.205 access-list test1

static (inside,outside) tcp 77.xx.xx.206 https 10.xx.xx.2 http

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
3 REPLIES

5505 7.2(4) - PAT Multiple to one inside.

Hello Dale,

Lets trick the ASA:

Acess-list test1 permit tcp host 10.xx.xx.2 eq 80 any

static (inside,outside) 77.xx.xx.205 access-list test1

static (inside,outside) tcp 77.xx.xx.206 https 10.xx.xx.2 http

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

5505 7.2(4) - PAT Multiple to one inside.

Hi Julio,

Sorry for the not responding sooner, your fix worked a charm.

Dale

5505 7.2(4) - PAT Multiple to one inside.

Hello Dale,

My pleasure, Glad I could help.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
554
Views
0
Helpful
3
Replies
CreatePlease to create content