Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA - Policy NAT

Hello all,

I am trying to find out if possible to do the following:

I have a server in the DMZ: 172.17.1.100 /24 and server in the inside 172.20.1.200 /24 both will have the same nat ip

address outside: 1.1.1.200 this can be done using policy nat. ( I think, have not done yet).

Let say the above policy nat is implemented and the real questions here are:

1. if outside users connect to 1.1.1.200 then which servers the outside users will connect.

2. If posible for the outside user connect to 1.1.1.200 and this will redirect to DMZ server 172.17.1.100 instead of inside server 172.20.1.200

This is still in planning mode so no actual configuration has been done.

Thank you.

2 REPLIES
Cisco Employee

Re: ASA - Policy NAT

Hello,

Unfortunately, you cannot do policy NAT for multiple inside IP and one public IP. You do need to find a way to differentiate the traffic on the outside interface. You can use different ports for different servers. But you cannot have both devices advertise their services using the same public IP and same port.

Regards,

NT

New Member

Re: ASA - Policy NAT

Thank you for your response NT.  I will work on different solution.

544
Views
3
Helpful
2
Replies