Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Two nat - One Public IP

Hi,

I have one public Ip address and wants to nat with one DMZ address and one insdie address

DMZ address for smtp ( anyone from outside should be able to connect to smtp server)

Inside address for http ( anyone from internet should be able to access web-server )

Is this possible.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: Two nat - One Public IP

"Can I do the same without using ASA external (Outside) IP.

Assuming I have one free public IP."

Yes, as long as the public IP address has been assigned to your company.

The static statements would change slightly ie.

assuming free public IP - 195.17.17.10

static (inside,outside) tcp 195.17.17.10 80 web-server-ip 80 netmask 255.255.255.255

static (dmz,outside) tcp 195.17.17.10 25 mail-server-ip 25 netmask 255.255.255.25

"Is similar scenario documented on cisco documentation. Any Help."

Pretty much any docs on ASA configuration will include this so a quick search "ASA configuration guides" would give you a list of docs to use.

Jon

4 REPLIES

Re: Two nat - One Public IP

Certainly,

If your public address is the one assigned to your outside interface, this is how its done.

static (inside,outside) tcp interface 80 web-server-ip 80 netmask 255.255.255.255

static (dmz,outside) tcp interface 25 mail-server-ip 25 netmask 255.255.255.255

Re: Two nat - One Public IP

Also, in addition to the static NAT statements, you will have to allow TCP port 80 and port 25 on your OUTSIDE interface Access-List.

New Member

Re: Two nat - One Public IP

Can I do the same without using ASA external (Outside) IP.

Assuming I have one free public IP.

Is similar scenario documented on cisco documentation. Any Help.

Hall of Fame Super Blue

Re: Two nat - One Public IP

"Can I do the same without using ASA external (Outside) IP.

Assuming I have one free public IP."

Yes, as long as the public IP address has been assigned to your company.

The static statements would change slightly ie.

assuming free public IP - 195.17.17.10

static (inside,outside) tcp 195.17.17.10 80 web-server-ip 80 netmask 255.255.255.255

static (dmz,outside) tcp 195.17.17.10 25 mail-server-ip 25 netmask 255.255.255.25

"Is similar scenario documented on cisco documentation. Any Help."

Pretty much any docs on ASA configuration will include this so a quick search "ASA configuration guides" would give you a list of docs to use.

Jon

155
Views
0
Helpful
4
Replies