Cisco Support Community
New Member

ASA and PAT

Hi,

There are 2 things I would like to ask.

1st - my understanding of PAT (port address translation): if I have 1 public IP address, let's say 1.1.1.1 for example, and have 3 internal servers, 192.168.1.1, .2 and .3, can I use the same public IP to map different services, e.g. 3389 to 192.168.1.1, 443 to 1.2, 80 to 1.3, using the 1 public IP?

The one thing I'm guessing can't be done on 1 public IP is mapping the same service to multiple servers, so 3389 to 192.168.1.1, .2 and .3?

Please confirm?

Thanks.

3 REPLIES
New Member

You are correct, we cannot use PAT in that manner. We need to have static NAT to allow a user from the outside to reach a specific machine (i.e., 192.168.1.2:3389).

We use PAT to conserve our Public IP Range/s.

PAT would be

object network Inside
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface

Now when any client on the Inside (192.168.1.0/24) tries to get to the Internet, they will be PATed to the outside IP of the ASA.

Static NAT would be

object network PublicIP
 host 108.1.1.252

object network RDP-Server1
 host 192.168.1.2
 nat (inside,outside) static PublicIP service tcp 3389 3389

New Member

So I can do what I said first, as in map 1 public IP to multiple internal servers as long as they're on different ports?

Cisco Employee

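Hi,

Yes, you are correct.

For example:

If you have 3 servers and 1 public IP:

LAN IP: 10.1.1.1, 10.1.1.2 and 10.1.1.3

Public IP: 2.2.2.2

You can do something like this:

! Object for the public address given above; the nat lines reference it by name
object network PublicIP
 host 2.2.2.2

! service tcp <real port> <mapped port>: public tcp/3389 -> 10.1.1.1:3389
object network RDP-Server1
 host 10.1.1.1
 nat (inside,outside) static PublicIP service tcp 3389 3389

! public tcp/3390 -> 10.1.1.2:3389
object network RDP-Server2
 host 10.1.1.2
 nat (inside,outside) static PublicIP service tcp 3389 3390

! public tcp/3391 -> 10.1.1.3:3389
object network RDP-Server3
 host 10.1.1.3
 nat (inside,outside) static PublicIP service tcp 3389 3391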

Thanks and Regards,

Vibhor Amrodia
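
Added example, not part of the thread or any poster's code: a small Python audit that parses static PAT lines in the object-NAT syntax shown above and flags any public IP, protocol and port mapped to more than one internal host, which is the overlap the original question asks about. The sample config, the function names and the deliberate collision on port 3389 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the thread's object-NAT style; RDP-Server3
# deliberately reuses public port 3389 to show the collision.
SAMPLE_CONFIG = """\
object network PublicIP
 host 2.2.2.2
object network RDP-Server1
 host 10.1.1.1
 nat (inside,outside) static PublicIP service tcp 3389 3389
object network RDP-Server2
 host 10.1.1.2
 nat (inside,outside) static PublicIP service tcp 3389 3390
object network RDP-Server3
 host 10.1.1.3
 nat (inside,outside) static PublicIP service tcp 3389 3389
"""

NAT_RE = re.compile(
    r"nat \(\S+,\S+\) static (\S+) service (tcp|udp) (\d+) (\d+)")

def parse_static_pat(config):
    """Return one dict per static PAT rule (real port first, mapped port second)."""
    hosts, rules, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("object network "):
            current = line.split()[2]
        elif line.startswith("host ") and current:
            hosts[current] = line.split()[1]
        elif (m := NAT_RE.match(line)) and current:
            rules.append(dict(obj=current, mapped=m[1], proto=m[2],
                              real_port=int(m[3]), mapped_port=int(m[4])))
    for r in rules:  # resolve object names to addresses once all hosts are known
        r["real_ip"] = hosts.get(r["obj"])
        r["mapped_ip"] = hosts.get(r["mapped"], r["mapped"])
    return rules

def find_conflicts(rules):
    """Map each public (ip, proto, port) claimed by more than one rule to its targets."""
    by_key = defaultdict(list)
    for r in rules:
        key = (r["mapped_ip"], r["proto"], r["mapped_port"])
        by_key[key].append((r["real_ip"], r["real_port"]))
    return {k: v for k, v in by_key.items() if len(v) > 1}

if __name__ == "__main__":
    for key, targets in find_conflicts(parse_static_pat(SAMPLE_CONFIG)).items():
        print(key, "->", targets)
```

Run against a saved configuration, an empty result means every public port forwards to exactly one internal host, which also gives a compact list of which services are exposed on the public address.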
