Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Port based nat on ASA

I have two diffrent servers in DMZ zone for example and I am running webserver on both on 1st server application is running on port 80 and on second its running on 90.

I want to map it with a single public IP for example when a user type its should go to 1st server and when it should go to second server .

Is it possible if I use

#ip nat inside source static tcp 80 80 extendable

#ip nat inside source static tcp 90 90 extendable

Please let me know or is there any other way to make it work.



Re: Port based nat on ASA

The ip nat statements you have mentioned works on Cisco Router not on the ASA.

If you are using a Cisco ASA firewall , then you need to perform NAT and configure Access lsits to allow traffic from Outside to the DMZ. here are the NAT and ACL statements.

static (dmz,Outside) tcp 80 80

static (dmz,Outside) tcp 90 90

access-list out-in permit tcp any host eq 80

access-list out-in permit tcp any host eq 90

access-group out-in in interface Outside

Hope this helps.