Community Member

Cisco ASA One Public IP to Many Private IP Translation

Hello,

Has anyone come across a solution where a customer is trying to map 1 public IP to many internal private IPs?

Thanks.

4 REPLIES
Hall of Fame Super Blue

Re: Cisco ASA One Public IP to Many Private IP Translation

Marlon

This is called port forwarding and is quite common. The main restriction is you need to be using different ports so

static (inside,outside) tcp 195.166.77.1 25 192.168.5.10 25 netmask 255.255.255.255

static (inside,outside) tcp 195.166.77.1 80 192.168.5.11 80 netmask 255.255.255.255

is a perfectly valid configuration where any traffic received on the outside interface of your firewall going to

195.166.77.1 destination port 25 will be sent to 192.168.5.10 port 25

195.166.77.1 destination port 80 will be sent to 192.168.5.11 port 80

but what you can't do is

static (inside,outside) tcp 195.166.77.1 25 192.168.5.10 25 netmask 255.255.255.255

static (inside,outside) tcp 195.166.77.1 25 192.168.5.11 25 netmask 255.255.255.255

where you map the same public IP address and port number to 2 different private IP addresses.

Jon
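The rule Jon describes can be checked mechanically before a configuration is pushed. The following is an added example, not part of the original thread and not Cisco tooling: it parses the `static (inside,outside) tcp ...` commands shown above and reports any public IP, protocol and port that is mapped to more than one private target. The function names and sample strings are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Pre-8.3 ASA static PAT, as used in the thread:
#   static (real_if,mapped_if) tcp|udp mapped_ip mapped_port real_ip real_port ...
STATIC_PAT = re.compile(
    r"^\s*static\s+\((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\)\s+"
    r"(?P<proto>tcp|udp)\s+(?P<pub_ip>\S+)\s+(?P<pub_port>\S+)\s+"
    r"(?P<priv_ip>\S+)\s+(?P<priv_port>\S+)",
    re.IGNORECASE,
)

def parse_static_pat(config):
    """Yield (line_no, public_key, private_target) for each static PAT line."""
    for no, line in enumerate(config.splitlines(), 1):
        m = STATIC_PAT.match(line)
        if m:
            key = (m["mapped_if"], m["proto"].lower(), m["pub_ip"], m["pub_port"])
            yield no, key, (m["priv_ip"], m["priv_port"])

def find_conflicts(config):
    """Map each public (interface, proto, ip, port) that points at more than
    one distinct private target to the lines that define it."""
    seen = defaultdict(list)
    for no, key, target in parse_static_pat(config):
        seen[key].append((no, target))
    return {k: v for k, v in seen.items() if len({t for _, t in v}) > 1}

# Constructed samples built from the commands quoted in the thread.
VALID = (
    "static (inside,outside) tcp 195.166.77.1 25 192.168.5.10 25 netmask 255.255.255.255\n"
    "static (inside,outside) tcp 195.166.77.1 80 192.168.5.11 80 netmask 255.255.255.255\n"
)
INVALID = (
    "static (inside,outside) tcp 195.166.77.1 25 192.168.5.10 25 netmask 255.255.255.255\n"
    "static (inside,outside) tcp 195.166.77.1 25 192.168.5.11 25 netmask 255.255.255.255\n"
)

if __name__ == "__main__":
    for name, cfg in (("VALID", VALID), ("INVALID", INVALID)):
        conflicts = find_conflicts(cfg)
        print(name, "ok" if not conflicts else "conflict")
        for (ifc, proto, ip, port), uses in conflicts.items():
            for no, (priv_ip, priv_port) in uses:
                print(f"  line {no}: {ifc} {proto} {ip}:{port} -> {priv_ip}:{priv_port}")
```

Ports are compared as written, so a named port such as `smtp` and the number `25` are treated as different keys.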

Community Member

Re: Cisco ASA One Public IP to Many Private IP Translation

Jon,

Thanks for the quick reply. In this case it's web services with SSL certificate, so TCP port 443 is what I would be using for port forwarding, but it won't work as I know you can't map the same public IP to more than 1 private IP using the same port number.

Silver

Re: Cisco ASA One Public IP to Many Private IP Translation

The solution is a very simple one. You can:

1- get more than 1 static IP address

2- put in a load balancer such as F5 BigIP so that the external users only see 1 public IP but it is load-balanced by the BigIP to multiple servers internally,

3- get an ISA server for reverse-proxy,

Either way, you cannot map the same public IP to more than one private IP on the same port.

You can get 5 static IPs from Verizon for like $20/month.

Community Member

Re: Cisco ASA One Public IP to Many Private IP Translation

Thanks for the quick reply.

Options 1 and 2 are a no go, however, option number 3 looks interesting. I will look into option 3 further.

Thanks.
