Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Making 3 static nats to the same inside ip address on ASA

Is it possible to make a static nat with 3 public ip address on the outside interface of the asa to the same internal ip address on the inside side?

5 REPLIES
Community Member

Re: Making 3 static nats to the same inside ip address on ASA

What are you trying to achieve by doing this?

Usually you would want to map one external IP address to multiple internal IP's

Community Member

Re: Making 3 static nats to the same inside ip address on ASA

The old firewall is working like this, and I will upgrade to ASA. So I must do this in one way there should be a workaround...

Cisco Employee

Re: Making 3 static nats to the same inside ip address on ASA

Hi,

I dont think it is possible to configure multiple public IP Address to the same internal IP Address.

One option might be, to do something like the below configuration provided you want the users to use different public ip address for different services.

static (inside,outside) tcp 172.16.1.1 telnet 192.168.1.1 telnet netmask 255.255.255.255

static (inside,outside) tcp 172.16.1.2 www 192.168.1.1 www netmask 255.255.255.255

static (inside,outside) tcp 172.16.1.3 https 192.168.1.1 https netmask 255.255.255.255

Regards,

Arul

*Pls rate if it helps*

Community Member

Re: Making 3 static nats to the same inside ip address on ASA

To map multiple global addresses to a single local, you want policy nat:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807d2874.shtml

--Matt

Re: Making 3 static nats to the same inside ip address on ASA

Is it possible to make a static nat with 3 public ip address on the outside interface of the asa to the same internal ip address on the inside side?

Of course it is possible by using a technique called Policy NAT, the link provided by Matt can give example.

Have a look in this thread for another example I tested for someone a while back that had same same requirements.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.2cc08aab/0#selected_message

Rgds

Jorge

157
Views
0
Helpful
5
Replies
CreatePlease to create content