Cisco Support Community
New Member

Two public IPs with a single inside IP NAT

Hi

I am using Cisco ASA 5512-X with ios 9.1(2).

Our server's local IP is 192.168.1.118; it is NATed to public IP 12.12.12.2 and TCP port 80 is open. The commands are given below.

object network obj-192.168.1.118
 description Server
 host 192.168.1.118
 nat (inside,outside) static 12.12.12.2

access-list 100 extended permit tcp any host 192.168.1.118 eq 80
access-group 100 in interface outside

The above configuration is working.

New requirement:

Additionally, we need to NAT the same server local IP 192.168.1.118 to a different public IP, 12.12.12.5, and open TCP port 3389.

Kindly help us to do this.

 

Thanks

Vinod Kumar Gupta

3 REPLIES
VIP Purple

The easiest is to just add a port-forward for that particular service:

object network obj-192.168.1.118-RDP
 host 192.168.1.118
 nat (inside,outside) static 12.12.12.5 service tcp 3389 3389
access-list 100 extended permit tcp any host 192.168.1.118 eq 3389

But if it's the same internal server, you could also use the existing NAT (with IP 12.12.12.2) and just extend your ACL with the above line. That could be much easier to understand for someone reading the config if a single internal server always has the same IP on the outside.

 


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Thanks

I have tested the above solution for port forwarding. The service answers telnet on public IP 12.12.12.5 on port 3389, but the IP address 12.12.12.5 is not pinging from outside, while 12.12.12.2 is pinging.

 

Please suggest.

VIP Purple

Yes, that's the configuration. For .5 only RDP is forwarded to the internal server. If you really want many services to the server, you really should run them all over the same public IP. That makes the config less complex. And complexity is one of the enemies of security.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
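
To check on the firewall what the thread describes (on 12.12.12.5 only TCP 3389 is forwarded to 192.168.1.118), the following ASA commands can be used. This is an added example, not part of the original posts; the source address 198.51.100.10 and source port 50000 are constructed test values.

```cisco
! Added example. 198.51.100.10 and source port 50000 are constructed test values.

! List the configured NAT rules and their hit counters.
show running-config nat
show nat detail

! Simulate an inbound RDP connection to the second public IP.
! The trace should include an UN-NAT phase that rewrites
! 12.12.12.5/3389 to 192.168.1.118/3389, followed by the check against ACL 100.
packet-tracer input outside tcp 198.51.100.10 50000 12.12.12.5 3389 detailed

! Simulate an inbound ICMP echo (type 8, code 0) to the same public IP.
! The port-forward rule covers only tcp/3389, so this trace should not
! show a translation to 192.168.1.118.
packet-tracer input outside icmp 198.51.100.10 8 0 12.12.12.5 detailed

! Confirm the translations for the server and the ACL hit counts.
show xlate local 192.168.1.118
show access-list 100
```

Comparing the two traces shows which phase handles each packet, which is quicker than testing from an outside host.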