Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Port based nat on ASA

I have two diffrent servers in DMZ zone for example 192.168.1.1 and 192.168.1.2 I am running webserver on both on 1st server application is running on port 80 and on second its running on 90.

I want to map it with a single public IP for example when a user type http://200.10.10.1:80 its should go to 1st server and when http://200.10.10.1:90 it should go to second server .

Is it possible if I use

#ip nat inside source static tcp 192.168.1.1 80 200.10.10.1 80 extendable

#ip nat inside source static tcp 192.168.1.1 90 200.10.10.1 90 extendable

Please let me know or is there any other way to make it work.

Thanks

1 REPLY

Re: Port based nat on ASA

The ip nat statements you have mentioned works on Cisco Router not on the ASA.

If you are using a Cisco ASA firewall , then you need to perform NAT and configure Access lsits to allow traffic from Outside to the DMZ. here are the NAT and ACL statements.

static (dmz,Outside) tcp 200.10.10.1 80 192.168.1.1 80

static (dmz,Outside) tcp 200.10.10.1 90 192.168.1.2 90

access-list out-in permit tcp any host 200.10.10.1 eq 80

access-list out-in permit tcp any host 200.10.10.1 eq 90

access-group out-in in interface Outside

Hope this helps.

606
Views
0
Helpful
1
Replies