12-15-2008 04:45 PM - edited 02-21-2020 03:10 AM
Hi, all
I have the following situation
The following rules of static nat
static (inside, outside) tcp 200.200.200.200 80 10.0.0.200 80 netmask 255.255.255.255
static (inside, outside) tcp 200.200.200.200 8080 10.0.0.200 80 netmask 255.255.255.255
I would like to redirect all packages destined for port 8080 and 80 of ip address 200.200.200.200,
to the private IP address 10.0.0.200 on port 80.
I tried to do that the ASA says that there is already a rule, there is some way it be done?
regards.
Solved! Go to Solution.
12-15-2008 05:59 PM
I do not believe you can use port redirection using same destination local IP on port 80 that way, fw will give you duplicate static entries.
you could however work around it and give 10.0.0.200 NIC a secondary IP address i.e 10.0.0.201 and do the static as follow.
static (inside,outside) tcp 200.200.200.200 8080 10.0.0.201 www netmask 255.255.255.255
static (inside,outside) tcp 200.200.200.200 80 10.0.0.200 80 netmask 255.255.255.255
see examples of port redirection
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml
regards
12-15-2008 05:59 PM
I do not believe you can use port redirection using same destination local IP on port 80 that way, fw will give you duplicate static entries.
you could however work around it and give 10.0.0.200 NIC a secondary IP address i.e 10.0.0.201 and do the static as follow.
static (inside,outside) tcp 200.200.200.200 8080 10.0.0.201 www netmask 255.255.255.255
static (inside,outside) tcp 200.200.200.200 80 10.0.0.200 80 netmask 255.255.255.255
see examples of port redirection
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml
regards
12-16-2008 12:06 PM
hi,
I found another solution with the help of tac cisco.
access-list policy1 permit tcp host 10.0.0.201 eq 80 any
access-list policy2 permit tcp host 10.0.0.201 eq 80 any
static (inside,outside) tcp 200.200.200.200 80 access-list policy1
static (inside,outside) tcp 200.200.200.200 8080 access-list policy2
regards
12-16-2008 12:42 PM
Right..Policy NAT, thanks for sharing .
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: