Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco ASA 8.6 - Static PAT with same Public IP

Dear Team,

Please help me to configure static PAT with same Public IP. I did some configuration but did not worked.

Public IP - 1.1.1.1

Private IP1  - 192.168.1.10 Port http

Private IP1  - 192.168.1.20 Port SMTP

Configuration -

***********************************************

object network obj-192.168.1.10

  host 192.168.1.10

object network obj-192.168.1.10

  host 192.168.1.10

object network obj-1.1.1.1

  host 1.1.1.1

object service HTTP

service tcp source eq http

object service SMTP

service tcp source eq SMTP

***********************************************

nat (inside,outside) source static obj-192.168.1.10 obj-1.1.1.1 service HTTP HTTP

nat (inside,outside) source static obj-192.168.1.20 obj-1.1.1.1 service SMTP SMTP

***********************************************

acces-list outside extended permit tcp any host 192.168.1.10 eq http

acces-list outside extended permit tcp any host 192.168.1.10 eq http

***********************************************

Thank You,

Abhisar.

5 REPLIES
New Member

Cisco ASA 8.6 - Static PAT with same Public IP

Hi Abhisar,

This would be the configuration which would help you in solving acheiving your requirement.

object network obj-192.168.1.10

  host 192.168.1.10

object network obj-192.168.1.20

  host 192.168.1.20

object network obj-1.1.1.1

  host 1.1.1.1

object service HTTP

service tcp source eq http

object service SMTP

service tcp source eq SMTP

nat (inside,outside) source static obj-192.168.1.10 obj-1.1.1.1 service HTTP HTTP

nat (inside,outside) source static obj-192.168.1.20 obj-1.1.1.1 service SMTP SMTP

access-list outside extended permit tcp any host 192.168.1.10 eq http

access-list outside extended permit tcp any host 192.168.1.20 eq smtp

The above access-list "outside" should be applied to the outside interface with the help of following command:

access-group outside in interface outisde

Thank you,

Pulkit Bhandari

New Member

Cisco ASA 8.6 - Static PAT with same Public IP

Dear Pulkit,

Thank you for your reply. I have applied that access-group, I did not pasted here. I want to know about nat configuration if it is correct or not?

Thank You,

Abhisar.

New Member

Cisco ASA 8.6 - Static PAT with same Public IP

Hi Abhisar,

Yes, i did checked the configuration and found some errors. It might be a Typing error though..

***********************************************

object network obj-192.168.1.10

  host 192.168.1.10

object network obj-192.168.1.10                                   it should be for 192.168.1.20

  host 192.168.1.10

object network obj-1.1.1.1

  host 1.1.1.1

object service HTTP

service tcp source eq http

object service SMTP

service tcp source eq SMTP

***********************************************

nat (inside,outside) source static obj-192.168.1.10 obj-1.1.1.1 service HTTP HTTP

nat (inside,outside) source static obj-192.168.1.20 obj-1.1.1.1 service SMTP SMTP

***********************************************

acces-list outside extended permit tcp any host 192.168.1.10 eq http

acces-list outside extended permit tcp any host 192.168.1.10 eq http         ---> this should be also for 192.168.1.20 for smtp

***********************************************

The corrected configuration should be as follows:

object network obj-192.168.1.10

  host 192.168.1.10

object network obj-192.168.1.20

  host 192.168.1.20

object network obj-1.1.1.1

  host 1.1.1.1

object service HTTP

service tcp source eq http

object service SMTP

service tcp source eq SMTP

nat (inside,outside) source static obj-192.168.1.10 obj-1.1.1.1 service HTTP HTTP

nat (inside,outside) source static obj-192.168.1.20 obj-1.1.1.1 service SMTP SMTP

access-list outside extended permit tcp any host 192.168.1.10 eq http

access-list outside extended permit tcp any host 192.168.1.20 eq smtp

Hope this helps

Please  do remember to mark a reply as the correct answer if it answered your question.

Feel free to ask more if needed

Thanks

Pulkit Bhandari

New Member

Cisco ASA 8.6 - Static PAT with same Public IP

Dear Pulkit,

Thank you for your reply and correction . This is typing error from my side, what about the logic behind the configuration if is it fine?

Thank You,

Abhisar.

New Member

Cisco ASA 8.6 - Static PAT with same Public IP

Hi Abhisar,

Yes, the logic behind the configuration is correct.

For more details regarding the new  NAT configuration on ASA version 8.3+ you can also refer the following documents:

https://supportforums.cisco.com/docs/DOC-12690

Hope this helps.

Feel free to ask more if needed

- Pulkit

160
Views
0
Helpful
5
Replies
CreatePlease to create content