New Member

NAT issue on FWSM

Hi,

We have a server whose IP is 10.11.16.21. We have already NATed it to 115.110.103.11 for port numbers 80 to 90. It's working fine.

Now we need to map the above-mentioned internal IP (10.11.16.21) to the other public IP 115.110.103.14 for the same port numbers (80 to 90). It's a requirement from our client.

Sample commands executed:

  1. static (INSIDE-HTTPGTW,INTERNET) tcp 115.110.103.11 81 10.11.16.21 81 netmask 255.255.255.255
  2. static (INSIDE-HTTPGTW,INTERNET) tcp 115.110.103.14 81 10.11.16.21 81 netmask 255.255.255.255

When we execute the 2nd command, it shows an error "duplicate of existing static".

Kindly guide us on how we could do this.

Thanks in advance. :)

5 REPLIES
Hall of Fame Super Silver

A given host can only have a single static NAT for a given port number.

Otherwise how would the firewall know which one to use?

New Member

Thanks, Marvin, for the reply.

Actually, we want to implement a redundant NAT, because the server receives the data from a modem. We configure both the public IPs on the modem.

Previously this config was implemented on another firewall called 'Cyberoam' and it was working fine. Now we are moving it on to the Cisco FWSM.

Hall of Fame Super Silver

I don't know what a Cyberoam is but you cannot configure it the way you are trying using a Cisco FWSM.

If you could provide a more complete system explanation we might be able to suggest an alternative.

New Member

Marvin,

Can we do one thing: assign 2 IP addresses to the server in the same range, viz. 10.11.16.21 & 10.11.16.22, and then map these 2 internal IP addresses to the 2 public IP addresses?

Hall of Fame Super Silver

That would be ok on the firewall. On the server however, one or the other address would be in use at a given time unless you did some hack of the host routing table. 

It's all a bit of a hack - if we knew the overall architecture and requirements we might be able to suggest a more elegant and supportable solution.
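
The following is an added example, not part of the thread or any poster's code: a Python pre-check that parses port-redirection `static` lines in the syntax shown in the question and flags any real host and port published through more than one mapped address, the condition the first reply describes. The function name `find_duplicate_statics` and the exact matching rule are assumptions drawn from the thread, not documented FWSM behaviour.

```python
import re
from collections import defaultdict

# Port-redirection form used in the question:
# static (real_if,mapped_if) tcp|udp mapped_ip mapped_port real_ip real_port netmask mask
STATIC_RE = re.compile(
    r"^static\s+\((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\)\s+"
    r"(?P<proto>tcp|udp)\s+(?P<mapped_ip>\S+)\s+(?P<mapped_port>\S+)\s+"
    r"(?P<real_ip>\S+)\s+(?P<real_port>\S+)"
)

def find_duplicate_statics(config_text):
    """Return {real-side key: [mapped endpoints]} for every real host/port
    published through more than one static on the same interface pair.
    Assumed rule, taken from the thread: one static per real host and port."""
    seen = defaultdict(list)
    for line in config_text.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue  # not a port-redirection static; outside this check
        key = (m["real_if"], m["mapped_if"], m["proto"], m["real_ip"], m["real_port"])
        mapped = (m["mapped_ip"], m["mapped_port"])
        if mapped not in seen[key]:
            seen[key].append(mapped)
    return {k: v for k, v in seen.items() if len(v) > 1}

# Constructed input: the two commands from the question.
REJECTED = """\
static (INSIDE-HTTPGTW,INTERNET) tcp 115.110.103.11 81 10.11.16.21 81 netmask 255.255.255.255
static (INSIDE-HTTPGTW,INTERNET) tcp 115.110.103.14 81 10.11.16.21 81 netmask 255.255.255.255
"""

# Constructed input: the workaround discussed, with a second address on the server.
WORKAROUND = """\
static (INSIDE-HTTPGTW,INTERNET) tcp 115.110.103.11 81 10.11.16.21 81 netmask 255.255.255.255
static (INSIDE-HTTPGTW,INTERNET) tcp 115.110.103.14 81 10.11.16.22 81 netmask 255.255.255.255
"""

if __name__ == "__main__":
    for name, cfg in (("rejected", REJECTED), ("workaround", WORKAROUND)):
        conflicts = find_duplicate_statics(cfg)
        print(name, "-> no conflicts" if not conflicts else conflicts)
```

Running the same check over a full candidate configuration before applying it shows every real host and port that would trip the duplicate error, instead of finding them one command at a time.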
