Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Two statics to one internal host

We have an ASA5200. It's outside global IP address is 192.168.2.2. I need it to forward DNS requests to an inside host at 10.9.2.2. I also need it to answer for smtp traffic sent to global IP 192.168.2.25 and to forward that to the same inside host, 10.9.2.2. I get an error when I try to configure 2 statics to the same internal host. How can I do this? Thanks.

1 REPLY

Re: Two statics to one internal host

Here are some examples:

1a)With just one public IP (Port Redirect):

access-list acl_out permit tcp any host YourPublic-IP eq smtp

access-list acl_out permit tcp any host YourPublic-IP eq pop3

access-list acl_out permit tcp any host YourPublic-IP eq 443

access-list acl_out permit tcp any host YourPublic-IP eq www

access-group acl_out in interface outside

static (inside,outside) tcp YourPublic-IP 25 Local-IP1 25 netmask 255.255.255.255 0 0

static (inside,outside) tcp YourPublic-IP 110 Local-IP1 110 netmask 255.255.255.255 0 0

static (inside,outside) tcp YourPublic-IP 80 Local-IP2 80 netmask 255.255.255.255 0 0

static (inside,outside) tcp YourPublic-IP 443 Local-IP2 443 netmask 255.255.255.255 0 0

----------------------------------------------------

1b) Totaly dynamic IP DHCP (one ip):

access-list acl_out permit tcp any interface outside eq smtp

access-list acl_out permit tcp any interface outside eq pop3

access-list acl_out permit tcp any interface outside eq http

access-list acl_out permit tcp any interface outside eq 443

access-group acl_out in interface outside

static (inside,outside) tcp interface 25 Local-IP1 25 netmask 255.255.255.255 0 0

static (inside,outside) tcp interface 110 Local-IP1 110 netmask 255.255.255.255 0 0

static (inside,outside) tcp interface http Local-IP2 http netmask 255.255.255.255 0 0

static (inside,outside) tcp interface 443 Local-IP2 443 netmask 255.255.255.255 0 0

2.) Clear translation table after changing Translation Table:

clear xlate

# Note this will reset the NAT Table.

sincerely

Patrick

92
Views
0
Helpful
1
Replies
CreatePlease login to create content