nat question, one outside IP mapped to two different inside ip and ports

Hi

Need help

I want to NAT one outside IP x.x.x.x port 80 to DMZ host y.y.y.y port 80

then IP x.x.x.x port 443 to DMZ host y.y.y.y port 443

and outside IP x.x.x.x port 8443 to DMZ host z.z.z.z port 8443

outside IP x.x.x.x port 8080 to DMZ host z.z.z.z port 8080

No idea...

Regards

Chris

3 REPLIES

nat question, one outside IP mapped to two different inside ip a

You can very well do it; this is called port forwarding.

The command will depend on the version of ASA software you are using.

nat question, one outside IP mapped to two different inside ip a

Sorry, forgot to say I use version 8.4.2.

Red

nat question, one outside IP mapped to two different inside ip a

Hi Christian,

You need this configuration:

object network obj-x.x.x.x
 host x.x.x.x
object network obj-y.y.y.y
 host y.y.y.y
object network obj-z.z.z.z
 host z.z.z.z

object service tcp_80
 service tcp destination eq 80
object service tcp_443
 service tcp destination eq 443
object service tcp_8443
 service tcp destination eq 8443
object service tcp_8080
 service tcp destination eq 8080

nat (outside,inside) source static any any destination static obj-x.x.x.x obj-y.y.y.y service tcp_80 tcp_80
nat (outside,inside) source static any any destination static obj-x.x.x.x obj-y.y.y.y service tcp_443 tcp_443
nat (outside,inside) source static any any destination static obj-x.x.x.x obj-z.z.z.z service tcp_8443 tcp_8443
nat (outside,inside) source static any any destination static obj-x.x.x.x obj-z.z.z.z service tcp_8080 tcp_8080

If the outside IP is the outside interface IP, then just replace "obj-x.x.x.x" with the keyword "interface" in it.

Hope that helps.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
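
An added example, not part of the thread and not Cisco code: a Python check that parses rules in the form given in the answer above, flags a public IP/port that is reused for a second target, and lists the ACL entries the live forwards need. The sample config, its RFC 5737 addresses and the ACL name `outside_in` are assumptions.

```python
import re

# Constructed sample: the answer's rule form with RFC 5737 addresses in place of
# x.x.x.x / y.y.y.y / z.z.z.z, plus a deliberately conflicting last rule.
SAMPLE = """\
object network obj-pub
 host 203.0.113.10
object network obj-web
 host 192.0.2.20
object network obj-app
 host 192.0.2.30
object service tcp_80
 service tcp destination eq 80
object service tcp_8443
 service tcp destination eq 8443
nat (outside,inside) source static any any destination static obj-pub obj-web service tcp_80 tcp_80
nat (outside,inside) source static any any destination static obj-pub obj-app service tcp_8443 tcp_8443
nat (outside,inside) source static any any destination static obj-pub obj-app service tcp_80 tcp_80
"""
OBJ = re.compile(r"^object (network|service) (\S+)\n\s+(?:host (\S+)|service (\w+) destination eq (\d+))", re.M)
NAT = re.compile(r"^nat \(\w+,\w+\) source static any any destination static (\S+) (\S+) service (\S+) (\S+)", re.M)

def port_forwards(cfg):
    """Resolve each rule to (public_ip, proto, public_port, real_ip, real_port)."""
    hosts, svcs = {"interface": "interface"}, {}
    for kind, name, host, proto, port in OBJ.findall(cfg):
        if kind == "network":
            hosts[name] = host
        else:
            svcs[name] = (proto, int(port))
    # Destination pair: outside-facing object first, real host second; same for services.
    return [(hosts[pub], *svcs[pub_svc], hosts[real], svcs[real_svc][1])
            for pub, real, pub_svc, real_svc in NAT.findall(cfg)]

def shadowed(rules):
    """Manual NAT is first-match, so a later rule that reuses a public
    ip/proto/port for a different target never takes effect."""
    first, dead = {}, []
    for rule in rules:
        if first.setdefault(rule[:3], rule[3:]) != rule[3:]:
            dead.append(rule)
    return dead

def acl_lines(rules, acl="outside_in"):  # ACL name is an assumption
    """ASA 8.3+ interface ACLs match the real (translated-to) address and port."""
    dead = shadowed(rules)
    return sorted({f"access-list {acl} extended permit {r[1]} any host {r[3]} eq {r[4]}"
                   for r in rules if r not in dead})
```

The generated `access-list` lines still have to be bound to the outside interface with `access-group` before the forwards pass traffic.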