Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
537
Views
5
Helpful
3
Replies

Nat static with asa 5520

Go to solution
r-barbosa
Level 1
Level 1

‎12-15-2008 04:45 PM - edited ‎02-21-2020 03:10 AM

Hi, all

I have the following situation

The following rules of static nat

static (inside, outside) tcp 200.200.200.200 80 10.0.0.200 80 netmask 255.255.255.255

static (inside, outside) tcp 200.200.200.200 8080 10.0.0.200 80 netmask 255.255.255.255

I would like to redirect all packages destined for port 8080 and 80 of ip address 200.200.200.200,

to the private IP address 10.0.0.200 on port 80.

I tried to do that the ASA says that there is already a rule, there is some way it be done?

regards.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10

‎12-15-2008 05:59 PM

I do not believe you can use port redirection using same destination local IP on port 80 that way, fw will give you duplicate static entries.

you could however work around it and give 10.0.0.200 NIC a secondary IP address i.e 10.0.0.201 and do the static as follow.

static (inside,outside) tcp 200.200.200.200 8080 10.0.0.201 www netmask 255.255.255.255

static (inside,outside) tcp 200.200.200.200 80 10.0.0.200 80 netmask 255.255.255.255

see examples of port redirection

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml

regards

Jorge Rodriguez

View solution in original post

0 Helpful
3 Replies 3

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10

‎12-15-2008 05:59 PM

I do not believe you can use port redirection using same destination local IP on port 80 that way, fw will give you duplicate static entries.

you could however work around it and give 10.0.0.200 NIC a secondary IP address i.e 10.0.0.201 and do the static as follow.

static (inside,outside) tcp 200.200.200.200 8080 10.0.0.201 www netmask 255.255.255.255

static (inside,outside) tcp 200.200.200.200 80 10.0.0.200 80 netmask 255.255.255.255

see examples of port redirection

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml

regards

Jorge Rodriguez
0 Helpful

Go to solution
r-barbosa
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎12-16-2008 12:06 PM

hi,

I found another solution with the help of tac cisco.

access-list policy1 permit tcp host 10.0.0.201 eq 80 any

access-list policy2 permit tcp host 10.0.0.201 eq 80 any

static (inside,outside) tcp 200.200.200.200 80 access-list policy1

static (inside,outside) tcp 200.200.200.200 8080 access-list policy2

regards

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to r-barbosa

‎12-16-2008 12:42 PM

Right..Policy NAT, thanks for sharing .

Jorge Rodriguez
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card