Cisco ASA 8.6 - Static PAT with same Public IP

abhisar patil
Level 1

Dear Team,

Please help me to configure static PAT with the same Public IP. I did some configuration but it did not work.

Public IP - 1.1.1.1

Private IP1  - 192.168.1.10 Port http

Private IP1  - 192.168.1.20 Port SMTP

Configuration -

***********************************************

object network obj-192.168.1.10

  host 192.168.1.10

object network obj-192.168.1.10

  host 192.168.1.10

object network obj-1.1.1.1

  host 1.1.1.1

object service HTTP

service tcp source eq http

object service SMTP

service tcp source eq SMTP

***********************************************

nat (inside,outside) source static obj-192.168.1.10 obj-1.1.1.1 service HTTP HTTP

nat (inside,outside) source static obj-192.168.1.20 obj-1.1.1.1 service SMTP SMTP

***********************************************

acces-list outside extended permit tcp any host 192.168.1.10 eq http

acces-list outside extended permit tcp any host 192.168.1.10 eq http

***********************************************

Thank You,

Abhisar.

5 Replies

pubhanda
Level 1

Hi Abhisar,

This would be the configuration which would help you in achieving your requirement.

object network obj-192.168.1.10

  host 192.168.1.10

object network obj-192.168.1.20

  host 192.168.1.20

object network obj-1.1.1.1

  host 1.1.1.1

object service HTTP

service tcp source eq http

object service SMTP

service tcp source eq SMTP

nat (inside,outside) source static obj-192.168.1.10 obj-1.1.1.1 service HTTP HTTP

nat (inside,outside) source static obj-192.168.1.20 obj-1.1.1.1 service SMTP SMTP

access-list outside extended permit tcp any host 192.168.1.10 eq http

access-list outside extended permit tcp any host 192.168.1.20 eq smtp

The above access-list "outside" should be applied to the outside interface with the help of following command:

access-group outside in interface outside

Thank you,

Pulkit Bhandari

Dear Pulkit,

Thank you for your reply. I have applied that access-group; I did not paste it here. I want to know whether the NAT configuration is correct or not.

Thank You,

Abhisar.

Hi Abhisar,

Yes, I did check the configuration and found some errors. It might be a typing error, though.

***********************************************

object network obj-192.168.1.10

  host 192.168.1.10

object network obj-192.168.1.10         ---> it should be for 192.168.1.20

  host 192.168.1.10

object network obj-1.1.1.1

  host 1.1.1.1

object service HTTP

service tcp source eq http

object service SMTP

service tcp source eq SMTP

***********************************************

nat (inside,outside) source static obj-192.168.1.10 obj-1.1.1.1 service HTTP HTTP

nat (inside,outside) source static obj-192.168.1.20 obj-1.1.1.1 service SMTP SMTP

***********************************************

acces-list outside extended permit tcp any host 192.168.1.10 eq http

acces-list outside extended permit tcp any host 192.168.1.10 eq http         ---> this should be also for 192.168.1.20 for smtp

***********************************************

The corrected configuration should be as follows:

object network obj-192.168.1.10

  host 192.168.1.10

object network obj-192.168.1.20

  host 192.168.1.20

object network obj-1.1.1.1

  host 1.1.1.1

object service HTTP

service tcp source eq http

object service SMTP

service tcp source eq SMTP

nat (inside,outside) source static obj-192.168.1.10 obj-1.1.1.1 service HTTP HTTP

nat (inside,outside) source static obj-192.168.1.20 obj-1.1.1.1 service SMTP SMTP

access-list outside extended permit tcp any host 192.168.1.10 eq http

access-list outside extended permit tcp any host 192.168.1.20 eq smtp

Hope this helps

Please do remember to mark a reply as the correct answer if it answered your question.

Feel free to ask more if needed

Thanks

Pulkit Bhandari
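
An offline check for the kinds of mistake caught in this thread (an object defined twice, a NAT rule naming an object that was never defined, a mistyped command, and a missing permit for the real IP and port), as an added example that is not part of the original posts or any Cisco tool. `lint_static_pat` and `POSTED` are hypothetical names, and the parser only understands the line shapes used in the configurations above.

```python
import re

# Constructed sample: the configuration as first posted in the thread, typos included.
POSTED = """\
object network obj-192.168.1.10
  host 192.168.1.10
object network obj-192.168.1.10
  host 192.168.1.10
object network obj-1.1.1.1
  host 1.1.1.1
object service HTTP
  service tcp source eq http
object service SMTP
  service tcp source eq SMTP
nat (inside,outside) source static obj-192.168.1.10 obj-1.1.1.1 service HTTP HTTP
nat (inside,outside) source static obj-192.168.1.20 obj-1.1.1.1 service SMTP SMTP
acces-list outside extended permit tcp any host 192.168.1.10 eq http
acces-list outside extended permit tcp any host 192.168.1.10 eq http
"""

def lint_static_pat(config):
    """Hypothetical helper: list problems in manual-NAT static PAT rules of this shape."""
    hosts, ports, nats, permits, findings, name = {}, {}, [], set(), [], None
    for line in filter(None, map(str.strip, config.splitlines())):
        if m := re.match(r"object (network|service) (\S+)$", line):
            name = m.group(2)
            if name in hosts or name in ports:
                findings.append(f"object {name} defined twice")
        elif m := re.match(r"host (\S+)$", line):
            hosts[name] = m.group(1)
        elif m := re.match(r"service tcp source eq (\S+)$", line):
            ports[name] = m.group(1).lower()
        elif m := re.match(r"nat \(\S+\) source static (\S+) (\S+) service (\S+) \S+$", line):
            nats.append(m.groups())
        elif m := re.match(r"access-list \S+ extended permit tcp any host (\S+) eq (\S+)$", line):
            permits.add((m.group(1), m.group(2).lower()))
        elif not re.match(r"access-group \S+ in interface \S+$", line):
            findings.append(f"unparsed line: {line}")
    for real, mapped, svc in nats:
        missing = [o for o in (real, mapped) if o not in hosts] + [svc] * (svc not in ports)
        findings += [f"nat references undefined object {o}" for o in missing]
        # On 8.3+ the interface ACL matches the real (untranslated) address and port.
        if not missing and (hosts[real], ports[svc]) not in permits:
            findings.append(f"no ACL permit for {hosts[real]} eq {ports[svc]}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_static_pat(POSTED)))
```
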

Dear Pulkit,

Thank you for your reply and correction. This is a typing error from my side. What about the logic behind the configuration, is it fine?

Thank You,

Abhisar.

Hi Abhisar,

Yes, the logic behind the configuration is correct.

For more details regarding the new NAT configuration on ASA version 8.3+ you can also refer to the following document:

https://supportforums.cisco.com/docs/DOC-12690

Hope this helps.

Feel free to ask more if needed

- Pulkit
