Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Port forwading on ASA5520/8.21

Hi,

I have setup NAT/PAT on ASA5520 and it 's working properly. Right now, I have one webserver resides on inside network and I want to forward 2 different IP addresses to this inside server by the same port, like below

Outside IP address1:80 -> Inside IP address:80

Outside IP address2:80 -> Inside IP address:80

But ASA doesn't allow me to do that, it prompts "ERROR: duplicate of existing static".

Can anyone advise how to achieve it? TIA!

5 REPLIES

Re: Port forwading on ASA5520/8.21

New Member

Re: Port forwading on ASA5520/8.21

Jorge, thanks a lot.

The link instructs how to translate multiple IP addressed to a single IP addres. It works fine.

But is there any way to do the port translation like I mentioned above?

I trid below command but it didn't go.

static (inside,outside) tcp 172.16.1.10 8080 access-list Test ?

configure mode commands/options:

<0-65535> The maximum number of simultaneous tcp connections the local IP

hosts are to allow, default is 0 which means unlimited

connections. Idle connections are closed after the time

specified by the timeout conn command

dns Use the created xlate to rewrite DNS address record

netmask Configure Netmask to apply to IP addresses

norandomseq Disable TCP sequence number randomization

tcp Configure TCP specific parameters

udp Configure UDP specific parameters

Certainly, I can set up the ACE to block other ports on that IP address translation instead.

Thank you.

Re: Port forwading on ASA5520/8.21

say local IP 10.10.10.10 - and public IPs 20.20.20.20, 20.20.20.30

access-list policy1 permit tcp host 10.10.10.10 eq 80 any

access-list policy2 permit tcp host 10.10.10.10 eq 80 any

static (inside,outside) tcp 20.20.20.20 8080 access-list policy1

static (inside,outside) tcp 20.20.20.30 8080 access-list policy2

Is this what you're trying to do?

[edit]

made couple of corrections - probably need to lab this one , but try it.

Regards

New Member

Re: Port forwading on ASA5520/8.21

This way is also working!

Thanks a lot.

Re: Port forwading on ASA5520/8.21

You're welcome - glad is working.

282
Views
9
Helpful
5
Replies