Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

outside NAT

Hi all,

How do i configure outside NAT such that my external public ip is map to one of my  dmz private ip.

What i want is when any address on the internet connects to my public ip on a certain port it will translate to my dmz ip which my server is using.

I am using asdm to configure my cisco asa 5510 firewall. I did a NAT for my source public ip to be translated to my dmz ip. I then set an accesslist to allow any incoming ip on a specific port to access the public ip i configure for outside NAT. But it didnt work. Pls advise. Thks in advance.

4 REPLIES
Cisco Employee

Re: outside NAT

With CLI:

static (DMZ,outside) netmask 255.255.255.255

With ASDM:

Configuration --> Firewall --> NAT Rules --> Add Static NAT rule -->

Original interface: DMZ

Source: dmz-private-ip

Translated interface: outside

Use IP Address: external-public-ip

Then click: OK, and apply.

Access-list applied on the outside interface should allow traffic from "any" towards the external public ip on certain tcp/udp ports.

Hope that helps.

New Member

Re: outside NAT

Hi Halijenn,

Thk you for your prompt response. I know of the steps required for NAT stated in your reply. What i am looking for is when any internet ip access my public ip eg 203.x.x.10 and 203.x.x.11 it will automatically translate to my 1 private ip eg 192.168.10.1. We use to have 2 private ip(192.168.10.1, 192.168.10.2) translate to the 2 public ip stated above, but we have merge the 2 servers into 1.

We would like to continue to use the 2 public ip so that it is a transparent transition for our external customers. Thks in advance.

Silver

Re: outside NAT

Don,


I'm not sure if this approach is supported but I've used something like this in the past when migrating external addresses; proceed at your own risk.


access-list tango permit ip any host 192.168.10.1 any

static (dmz,outside) 203.x.x.10 192.168.10.1
static (dmz,outside) 203.x.x.11 access-list tango




Chris

Cisco Employee

Re: outside NAT

Unfortunately you can't translate 2 public ip addresses to just 1 private ip address as it is not supported.

407
Views
0
Helpful
4
Replies
CreatePlease to create content