Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA

Can anyone let me know if I can nat 1 external ip to 3 internal ips? I have a client who wants to remote in on 3 different boxes on 1 ip address using idfferent port numbers.

Thanks for any help.

6 REPLIES
Bronze

Re: ASA

Hi,

This document shoud give you what you need

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml#t10

See the section called port redirection

Regards

Bronze

Re: ASA

Here is an example config

static (inside,outside) tcp 195.1.1.1 2001 10.1.1.1 ssh netmask 255.255.255.255

static (inside,outside) tcp 195.1.1.1 2002 10.1.1.2 ssh netmask 255.255.255.255

static (inside,outside) tcp 195.1.1.1 2003 10.1.1.3 ssh netmask 255.255.255.255

access-list in_on_outside permit tcp any host 195.1.1.1 range 2001 2003

Where 195.1.1.1 is external IP and 10.1.1.x is the internal IPs

Regards

New Member

Re: ASA

Can you put ranges on this as well?

static (inside,outside) tcp 195.1.1.1 2001 10.1.1.1 ssh netmask 255.255.255.255

like 2001 - 2005

Bronze

Re: ASA

Hi,

I'm afraid you can't use a range on the static command.

Regards

New Member

Re: ASA

Can I use a global outside command? For each of the 3 internal IP addresses I need to show ports

5631-5634, 1580-81, & 8081 - internal 1

5635-5638, 1582-83, & 8082 - internal 2

5639-5642, 1584-85, & 8083 - internal 3

Thanks,

Jeff

New Member

Re: ASA

Yes you can provided the internal hosts all require different port numbers.

See the following port redirection example.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml#t10

119
Views
0
Helpful
6
Replies
CreatePlease to create content