Cisco Support Community

New Member

is this possible with NAT on ASAs?

Is it possible to set up NAT translations to do the following on our

1) Have an external address ( associated with an internal address (
so that any externally initiated internet traffic directed to gets redirected
internally by the ASA to, and...

2) At the same time, associate the same external address ( with a different
internal address ( so that any traffic initiated internally from outbound to the internet gets NATTed with source address by the ASA.

Basically we want the two to coexist, so that outside users initiating traffic to
always get directed to, while at the same time having any outbound traffic to
the outside world initiated from server to get NATted to the same outside

I am wondering if using policy NAT would allow the two to coexist but cannot find any
examples showing this....


is this possible with NAT on ASAs?

Hello Jshapura,

No, you cannot map 1 public IP address to 2 different hosts.



Julio Carvajal
Senior Network Security and Core Specialist

is this possible with NAT on ASAs?


With policy NAT, I guess you can PAT to 2 internal IPs while allowing outside users to hit one of the servers. Try the below...

access-list test extended permit ip host any

access-list test extended permit ip host any

nat (inside) 1 access-list test

global (outside) 1

nat (inside) 2 0 0  

global (outside) 2 interface

NAT 2 is for the rest of your internal hosts. If you already have NAT ID 1 with internal hosts, add this as NAT 2 and it should work.

Your access list from outside to inside stays the same.

You may need to remove existing static (inside,outside) for and clear the existing xlate.

Hope I understood your requirement correctly.



New Member

Re: is this possible with NAT on ASAs?

Interesting question, but a number of suggestions for you.

Read about DNS doctoring.

Do NLB internally for the two machines, possible through Cisco ACE or an older Cisco CSS box!

And always remember: when a user has a session using link A to machine A, it must get back to the originator using the same link and cannot use link B or machine B to send the request backward!


Sent from Cisco Technical Support iPad App
