New Member

URGENT - static NAT using multiple external address

Hello,

I have a question about Static NAT.

My client uses a Linux firewall to connect partners using L2L (about 70). He bought two 5520s to replace the current Linux firewall. I conducted a survey of the access rules for the firewall migration and I have problems with some static NAT rules. Today many clients connect to an external address with static NAT configured on the firewall for port redirection, but this is done using multiple outside addresses mapped to the same inside address. As we know, there is a limitation on this configuration when using NAT on the ASA / PIX. Example below:

static (inside,outside) tcp 200.200.200.10 80 10.10.10.10 80 netmask 255.255.255.255

static (inside,outside) tcp 200.200.200.20 80 10.10.10.10 80 netmask 255.255.255.255

Have any tips on how I can treat this type of NAT?

The client is even thinking about rolling back the purchase of Cisco ASA due to this limitation.

Can you help?

Thank you very much !!

Regards,

Rubens

4 REPLIES
Cisco Employee

Re: URGENT - static NAT using multiple external address

Rubens,

That cannot be implemented on an ASA. With statics, or even policy statics it won't work. The ASA will complain about mapped address conflicts.

The question would be why do you want to do that?

PK

New Member

Re: URGENT - static NAT using multiple external address

Hi PK,

Exactly right. I know that it conflicts, but the client is very moroless because it uses a Linux configuration that accomplishes this without major problems. I posted this case here to verify together if we can find a solution rsrsrsr ...

Re: URGENT - static NAT using multiple external address

You might want to check this:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807d2874.shtml

and restrict the access to port 80 with an access-list on the outside interface. Not sure if this would work with ports in either access-list or static.

Cisco Employee

Re: URGENT - static NAT using multiple external address

vikram's solution will still not work. The ASA will give an error.

It cannot be done.

PK
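
An added example, not part of any post in this thread: a pre-migration check that scans static PAT lines for the case discussed here, one inside address and port published on more than one outside address. The function names and the sample config are constructed for illustration, and the parser assumes the `static (real_if,mapped_if) tcp|udp mapped_ip mapped_port real_ip real_port netmask mask` form.

```python
import re
from collections import defaultdict

# Constructed sample: the two rules from the question plus one unrelated rule.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 200.200.200.10 80 10.10.10.10 80 netmask 255.255.255.255
static (inside,outside) tcp 200.200.200.20 80 10.10.10.10 80 netmask 255.255.255.255
static (inside,outside) tcp 200.200.200.30 443 10.10.10.11 443 netmask 255.255.255.255
"""

# Only port-redirection (static PAT) lines are matched; other lines are skipped.
STATIC_RE = re.compile(r"^static\s+\((\w+),(\w+)\)\s+(tcp|udp)\s+(.+)$")


def parse_static_pat(line):
    """Return (real_if, mapped_if, proto, mapped_ip, mapped_port,
    real_ip, real_port), or None if the line is not a static PAT rule."""
    m = STATIC_RE.match(line.strip())
    if not m:
        return None
    real_if, mapped_if, proto, rest = m.groups()
    tokens = rest.split()
    # Drop "netmask <mask>" wherever it sits, so hand-typed variants still parse.
    if "netmask" in tokens:
        i = tokens.index("netmask")
        del tokens[i:i + 2]
    if len(tokens) != 4:
        return None
    mapped_ip, mapped_port, real_ip, real_port = tokens
    return real_if, mapped_if, proto, mapped_ip, mapped_port, real_ip, real_port


def find_conflicts(config_text):
    """Map each real (inside) service to its mapped addresses and keep
    only the services published on more than one mapped address."""
    groups = defaultdict(set)
    for line in config_text.splitlines():
        rule = parse_static_pat(line)
        if rule:
            real_if, mapped_if, proto, mapped_ip, _, real_ip, real_port = rule
            groups[(real_if, mapped_if, proto, real_ip, real_port)].add(mapped_ip)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    for key, mapped in find_conflicts(SAMPLE_CONFIG).items():
        print(f"{key[3]}:{key[4]}/{key[2]} is published on {', '.join(mapped)}")
```

Running it over the rules collected in the migration survey lists every inside service that would need a different design on the ASA before cut-over.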
