NAT issue

On my 506E (IOS 6.3(3)) I can run multiple public NATs against a single internal IP, but it looks like in 7.0 (ASA5510) it's limited to 1:1.

Here's my previous config:

static (inside,outside) xx.xx.xx.10 192.168.1.9 netmask 255.255.255.255 0 0

static (inside,outside) xx.xx.xx.11 192.168.1.9 netmask 255.255.255.255 0 0

etc.

192.168.1.9 is my internal mail gateway and unfortunately is limited to a single internal IP. I currently have multiple public MX IP records pointing to the single gateway address on my 506E.

Any thoughts on how to handle this with the ASA5510?

Thanks,

Ryan

3 REPLIES

Re: NAT issue

Hi ... static NAT only supports a one-to-one mapping. This applies to any version.

The static command creates a one-to-one address translation rule (called a static translation slot or “xlate”). Each local address is translated to a fixed global address.

What you could do is create a virtual adapter on your mail server and give it another IP, i.e. 192.168.1.10. Then create another static pointing the second public IP to this IP. In this way you will be reaching the same mail server.

I hope it helps ... please rate it if it does !!

Re: NAT issue

Fernando,

Thanks for the reply. I must be dealing with a bug then, because in ver 6.3(3) I can NAT several public IP addresses to a single internal private IP address using the static command. I'm running it successfully right now.

Unfortunately, it looks like I'm limited to a single private IP address on my mail gateway (Barracuda). I think at this point I might be stuck with changing my MX host records in DNS for each domain to point back to a single NAT address, since in 7.0 I am restricted to a 1:1 translation.

Thoughts?

Thanks,

Ryan

Re: NAT issue

It probably is a bug, as I have never heard of something like that being supported. The release for version 3.3 does not mention anything about it, though, so perhaps you should report it to Cisco.
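
As an added example, not part of the thread and not Cisco code: a small Python check that lists every real (internal) address appearing in more than one plain `static` line of a saved configuration, which is the pattern the question describes, so those entries can be reviewed before a move to 7.0. The sample configuration is constructed (the `xx.xx.xx` placeholders are written as in the thread) and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample config; public addresses are masked as in the thread.
SAMPLE_CONFIG = """\
static (inside,outside) xx.xx.xx.10 192.168.1.9 netmask 255.255.255.255 0 0
static (inside,outside) xx.xx.xx.11 192.168.1.9 netmask 255.255.255.255 0 0
static (inside,outside) xx.xx.xx.12 192.168.1.20 netmask 255.255.255.255 0 0
static (inside,outside) tcp xx.xx.xx.13 smtp 192.168.1.9 smtp netmask 255.255.255.255 0 0
"""

# static (real_if,mapped_if) mapped_addr real_addr netmask mask ...
# Port-redirect statics (tcp/udp with ports) do not fit this shape and are skipped.
STATIC_RE = re.compile(
    r"^static\s+\((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\)\s+"
    r"(?P<mapped>\S+)\s+(?P<real>\S+)\s+netmask\s+(?P<mask>\S+)"
)


def parse_statics(config_text):
    """Yield (real_if, mapped_if, mapped, real, mask) for each address static."""
    for line in config_text.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            yield (m["real_if"], m["mapped_if"], m["mapped"], m["real"], m["mask"])


def shared_real_addresses(config_text):
    """Map (real_if, mapped_if, real, mask) -> mapped addresses, where 2+ share it."""
    groups = defaultdict(list)
    for real_if, mapped_if, mapped, real, mask in parse_statics(config_text):
        groups[(real_if, mapped_if, real, mask)].append(mapped)
    return {key: mapped for key, mapped in groups.items() if len(mapped) > 1}


def report(config_text):
    """Return one human-readable line per real address with several mappings."""
    lines = []
    for (real_if, mapped_if, real, mask), mapped in shared_real_addresses(config_text).items():
        lines.append(
            f"{real} ({real_if}->{mapped_if}, mask {mask}) is mapped from: "
            + ", ".join(mapped)
        )
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG)) or "no shared real addresses found")
```
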
