Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT on ASA 5510

Hi,

I have the following requirement....

I would like to NAT 3 public ip addresses to one inside ip address and same destination port.

What I mean is.... say for example I have the following 3 public ip address 85.x.x.1, 85.x.x.2 & 85.x.x.3.... so whenever anybody from internet trys to access 85.x.x.1-3 on say tcp port number 25 it should get translated to the one single inside ip 10.x.x.10 tcp port 25....

Hope my requirement is clear...

How to acheive this ?? anybody suggest me on this pls...

Regards

5 REPLIES
New Member

Re: NAT on ASA 5510

This should be simple enough. Do you want to send ports to different internal servers? or a simple one to one nat?

if you want a simple one to one nat, just click on the NAT tab on the configuration screen, and create a nat from the Private IP to the Public or External IP. You should be able to make as many as you want.

If you want to route say port 25 to a different server, and have say port 80 go to a different server, the process is simular, however use the PAT "Port Address Translation" checkbox.

I hope this helps.

Green

Re: NAT on ASA 5510

If you attempt the following...

static (inside,outside) 85.x.x.1 10.x.x.10 netmask 255.255.255.255

static (inside,outside) 85.x.x.2 10.x.x.10 netmask 255.255.255.255

or

static (inside,outside) tcp 85.x.x.1 smtp 10.x.x.10 smtp netmask 255.255.255.255

static (inside,outside) tcp 85.x.x.2 smtp 10.x.x.10 smtp netmask 255.255.255.255

you will receive this "ERROR: duplicate of existing static".

New Member

Re: NAT on ASA 5510

Hi,

Yes acomiskey, I'm getting the same error and I really want to acheive the same as you had mentioned.... so whats the way out to solve this issue....

It would be of really a great help if someone help me to solve this issue....

Thanks

Green

Re: NAT on ASA 5510

Not sure that you can do that, but you can do this..

static (inside,outside) tcp 85.x.x.1 smtp 10.x.x.10 smtp netmask 255.255.255.255

static (inside,outside) tcp 85.x.x.2 www 10.x.x.10 www netmask 255.255.255.255

New Member

Re: NAT on ASA 5510

Hi,

I'm running the same limitation, where my customer has only one SPAM/Relay, wich is the Barracuda that serves two different domains, so each domain has a unique MX, lets say IP "1.1.1.1" for domain "A.COM" and IP "2.2.2.2" for domain "B.COM".

So I tried exactly the same, doing:

static (inside,outside) tcp 1.1.1.1 25 X.X.X.X 25 netmask 255.255.255.255 0 0

static (inside,outside) tcp 2.2.2.2 25 X.X.X.X 25 netmask 255.255.255.255 0 0

In this case, run the MX on different IPs is required to do right reverse DNS lookups.

So, the idea is to have one local IP being NATed to two global IPs.

Today, he haves a linux based firewall that allows it, so is very complicated to explain why Cisco can?t do that...

If you found some solution, please notify me.

125
Views
0
Helpful
5
Replies