Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA NAT one external IP to two internal machines

Can it be done? I tried to split the IP into ports using static (dmz,outside)tcp external www internal www

ACL works as I tried it with a 1:1 translation, but doesnt with I try it this way. Is there an alternative? The company is short a public IP and needs to have it working this way.

4 REPLIES

Re: ASA NAT one external IP to two internal machines

You can configure port redirection to forward traffic based on global IP & port to the appropriate interval server. Here's a small example.

static (dmz,outside) tcp 209.165.201.5 smtp 10.1.1.6 smtp netmask 255.255.255.255

static (dmz,outside) tcp 209.165.201.5 www 10.1.1.3 www netmask 255.255.255.255

HTH

Sundar

New Member

Re: ASA NAT one external IP to two internal machines

HI, When I posted this, the static translations weren't working. After I posted I blew them away and re-entered them one at a time and tested them and they started working. I had them done correctly, but for some odd reason they just refused to work, but work now that I redid them.

Cisco Employee

Re: ASA NAT one external IP to two internal machines

Hi,

static (dmz,outside)tcp external www internal www

This should work fine, make sure you also include ports in ACL like following example:

access-list 101 permit tcp any host external eq www

access-group 101 in interface outside

Also ports for 2 ip addresses should be different.

Hope this helps.

Regards

Rohit

New Member

Re: ASA NAT one external IP to two internal machines

Try below command it works

1. Connects outside X.X.X.X on service 8080 to Internal Y.Y.Y.Y on service WWW.

-->(config)# static (inside,outside) tcp X.X.X.X 8080 Y.Y.Y.Y www netmask

255.255.255.255

2. Redirect Telnet requests for X.X.X.X to Y.Y.Y.Y by entering the following command:

--> config)# static (inside,outside) tcp X.X.X.X telnet Y.Y.Y.Y telnet netmask

255.255.255.255

Hope this will help

286
Views
0
Helpful
4
Replies