cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
392
Views
0
Helpful
2
Replies

One to Many NAT rules to the same DMZ IP

gercedeno
Level 1
Level 1

Hello Team,

Could you please let me know if it is possible to provision 3 different public IP addresses to the same DMZ IP (Web server) on an ASA running ver 8.2(4)? Unfortunately, the way the server was provisioned Static or Dynamic PAT will not work.  I have read that ver 8.3 and up supports natively one-to-many NAT translations, but at this point the client is not ready for an upgrade. Is there anything else I could do to overcome this challenge?

Outside --------> DMZ

200.1.1.1------> 10.1.1.1

200.1.1.2------> 10.1.1.1

200.1.1.3------> 10.1.1.1

Thank you,

Gerson

2 Replies 2

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

I can think of a couple of ways to view the same local server with multiple IP addresses.

But to be honest I would need to know more about why you would want such a setup. Why would you need 3 different public IP addresses on a single local host?

Can you provide some information on the setup you are trying to achieve.

- Jouni

Maykol Rojas
Cisco Employee
Cisco Employee

Hello gerson

U can try the following:

Access-list pnat permit ip host 1.1.1.1 any

Access-list pnat2 permit ip host 1.1.1.1any

Access-list pnat3 permit ip host 1.1.1.1 any

Static (dmz,out) access-list pnat

Static (dmz,out) access-list pnat2

Static (dmz,out) access-list pnat3

With this config it can receive conn from any to those ip addresses but when it initiates connections it will only use the first one on the list.

Hope it helps

Mike

Sent from Cisco Technical Support iPhone App

Mike
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: