Nat static with asa 5520

Hi, all

I have the following situation

The following rules of static nat

static (inside, outside) tcp 200.200.200.200 80 10.0.0.200 80 netmask 255.255.255.255

static (inside, outside) tcp 200.200.200.200 8080 10.0.0.200 80 netmask 255.255.255.255

I would like to redirect all packets destined for ports 8080 and 80 of IP address 200.200.200.200 to the private IP address 10.0.0.200 on port 80.

I tried to do that, but the ASA says that there is already a rule. Is there some way it can be done?

regards.

1 ACCEPTED SOLUTION

Re: Nat static with asa 5520

I do not believe you can use port redirection using the same destination local IP on port 80 that way; the fw will give you duplicate static entries.

You could, however, work around it by giving the 10.0.0.200 NIC a secondary IP address, i.e. 10.0.0.201, and doing the static as follows.

static (inside,outside) tcp 200.200.200.200 8080 10.0.0.201 www netmask 255.255.255.255

static (inside,outside) tcp 200.200.200.200 80 10.0.0.200 80 netmask 255.255.255.255

see examples of port redirection

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml

regards

3 REPLIES

Re: Nat static with asa 5520

hi,

I found another solution with the help of Cisco TAC.

access-list policy1 permit tcp host 10.0.0.201 eq 80 any

access-list policy2 permit tcp host 10.0.0.201 eq 80 any

static (inside,outside) tcp 200.200.200.200 80 access-list policy1

static (inside,outside) tcp 200.200.200.200 8080 access-list policy2

regards

Re: Nat static with asa 5520

Right, Policy NAT. Thanks for sharing.
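The following is an added example, not code from any poster in this thread: a small Python audit that parses `static` PAT lines in the syntax quoted above, flags plain statics that point at the same inside IP and port (the conflict the original poster hit), and lists which public ports reach each inside server so the outside ACL can be checked against them. The function names are hypothetical, the ACL parser handles only the `host ... eq ...` form used in the thread, and policy statics are left out of the duplicate check because the thread reports that form as the working solution.

```python
import re
from collections import defaultdict
# Constructed inputs: the statements quoted in the thread above.
QUESTION = """
static (inside, outside) tcp 200.200.200.200 80 10.0.0.200 80 netmask 255.255.255.255
static (inside, outside) tcp 200.200.200.200 8080 10.0.0.200 80 netmask 255.255.255.255
"""
POLICY_NAT = """
access-list policy1 permit tcp host 10.0.0.201 eq 80 any
access-list policy2 permit tcp host 10.0.0.201 eq 80 any
static (inside,outside) tcp 200.200.200.200 80 access-list policy1
static (inside,outside) tcp 200.200.200.200 8080 access-list policy2
"""
PORT_NAMES = {"www": 80, "https": 443}  # ports written by name; extend as needed
STATIC_RE = re.compile(r"static\s+\((\w+),\s*(\w+)\)\s+(tcp|udp)\s+(\S+)\s+(\S+)\s+"
                       r"(?:access-list\s+(\S+)|(\S+)\s+(\S+))")
ACL_RE = re.compile(r"access-list\s+(\S+)\s+(?:extended\s+)?permit\s+(?:tcp|udp)\s+"
                    r"host\s+(\S+)\s+eq\s+(\S+)")

def port(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

def parse_static_pat(config):
    """One dict per static PAT line; a policy static takes its real host/port from its ACL."""
    lines = [l.strip() for l in config.splitlines()]
    acls = {m.group(1): (m.group(2), port(m.group(3)))
            for m in map(ACL_RE.match, lines) if m}
    entries = []
    for m in filter(None, map(STATIC_RE.match, lines)):
        rif, mif, proto, mip, mport, acl, rip, rport = m.groups()
        real = acls.get(acl) if acl else (rip, port(rport))
        entries.append({"pair": (rif, mif), "proto": proto, "real": real,
                        "public": (mip, port(mport)), "policy": acl})
    return entries

def duplicate_real_endpoints(entries):
    """Inside ip:port targeted by more than one plain (non-policy) static PAT."""
    seen = defaultdict(list)
    for e in entries:
        if not e["policy"]:
            seen[(e["pair"], e["proto"], e["real"])].append(e["public"][1])
    return {key[2]: sorted(p) for key, p in seen.items() if len(p) > 1}

def public_ports_by_server(entries):
    """Public ports that reach each inside ip:port, for checking the outside ACL."""
    out = defaultdict(set)
    for e in entries:
        out[e["real"]].add(e["public"][1])
    return {real: sorted(p) for real, p in out.items()}
```

Run against a saved configuration, `public_ports_by_server` shows every public port through which one inside web server is exposed, which is the list the outside interface ACL has to account for.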
