Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Three FTP batch servers NATTED to a single Public on an ASA

We currently have three batch servers that send batch files out to customers, we don't accept connections inbound (no connections initiated from the customer to us). Currently those batch servers pass through an old Cisco CSS (content services switch) and when it does it basically NATs those three source IPs into a single IP (172.31.2.4). On the ASA there's a static NAT that NATs that single IP to a public IP, no big deal so far and this all works for active and passive FTP connections. 

 

Now we want to remove those old CSSs so the batch servers would pass through the network to the external firewalls without being NATTED  (unlike what is happening today when they are NATTED to 172.31.2.4). I want to know if I create a dynamic (PAT) nat on the ASA to take those three batch server IP addresses and NAT them to a single IP, does anything see a problem with that? Will Active and Passive FTP continue to work? I assume it will. I believe a static NAT would not work in this scenario and that I would need to use dynamic (PAT). Thoughts?   

Everyone's tags (1)
2 REPLIES
Cisco Employee

Hi,So , If i understand it

Hi,

So , If i understand it correctly , this was the setup with CSS in place:-

Three IP >> CSS >> 1 IP >>>ASA >> Public IP

Now ,

Three IP >> ASA >> Public IP

Now , as the Server is behind the ASA device you would need a separate Static PAT/Static NAT for each IP for the servers to get it to work.

Please let me know if you have any queries.

Thanks and Regards,

Vibhor Amrodia

Community Member

Does that mean I also need a

Does that mean I also need a separate public ip for each now also? Or simply just a separate static nat for each source IP to the same public IP? 

Example:

Nat (inside,outside) 1 source static object-172.16.1.1 public-ip01

Nat (inside,outside) 2 source static object-172.16.1.2 public-ip01

Nat (inside,outside) 3 source static object-172.16.1.3 public-ip01

 

33
Views
0
Helpful
2
Replies
CreatePlease to create content