
Static NAT. 1 IP for 2 different Servers.

goransh_pc
Level 1

Hello All,

First of all, thank you for your help.

I have just 1 public IP address for my network. This IP address is set on my outside interface on the ASA. It is the one I use for NAT to allow users from the inside network to access the Internet. I also have a web server running on an inside server.

My question is whether I can use the one public IP address I have on the outside interface of my ASA, set a static NAT for the web server's internal (private) IP address, and create an ACL to allow access from the Internet to my internal web server.

Thank you.


Collin Clark
VIP Alumni

Yes you can. First you build your object for the server

object network 192.168.10.100
 host 192.168.10.100
 description Web Server

Then build your nat

object network 192.168.10.100
 nat (inside,outside) static [your public IP]

Then your ACL

! ASA 8.3 and later match ACLs against the real (inside) address, not the mapped one
access-list outside-in extended permit tcp any host 192.168.10.100 eq 80

Then apply the ACL to the interface in the inbound direction

access-group outside-in in interface outside


Hi Collin,

Thank you for your help.

I tried to do the steps you gave me and the ASA gives me this Error.

ERROR: Address (public address) overlaps with outside interface address.

ERROR: NAT Policy is not downloaded

Any idea ?

Thank you.

Let's try the interface keyword instead of the actual IP.

object network 192.168.10.100
 nat (inside,outside) static interface

Hi Collin,

with this

object network 192.168.10.100
 nat (inside,outside) static interface

Result:

WARNING: All traffic destined to the IP address of the outside interface is being redirected.

WARNING: Users may not be able to access any service enabled on the outside interface.

Thank you.

That's OK. It's just telling us that we are NAT'ing all ports. We can NAT just a single port with a command like this-

object network 192.168.10.100
 nat (inside,outside) static interface service tcp www www

Hi Collin,

What about if I want just port 88 for HTTP access and 3306 for MySQL?

thank you so much

Below I am assuming that port 88 is the port on the outside and it's being translated to port 80 on the server.

object network 192.168.10.100
 nat (inside,outside) static interface service tcp www 88

We can only have 1 NAT per object so we have to create another object even though it is the same public IP.


object network mysql-server
 host 192.168.10.200
 nat (inside,outside) static interface service tcp 3306 3306

Thank you Collin, so that's the trick, 2 different objects!!!

Beautiful, thank you so much!!!

Yeah, kinda goofy if you ask me

Glad it helped and thanks for rating.
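
An added example, not part of the original thread and not Cisco tooling: a small Python (3.8+) check that reads object NAT stanzas in the form used above, lists which outside port maps to which inside host and port, and flags any `static interface` rule with no `service` clause, which is the case behind the "All traffic destined to the IP address of the outside interface is being redirected" warning. The sample text, the `legacy-server` object and the function names are constructed for illustration.

```python
import re

# Constructed sample: the two port-specific rules from the thread, plus a
# constructed "legacy-server" object that still uses all-port interface NAT.
SAMPLE = """\
object network 192.168.10.100
 host 192.168.10.100
object network mysql-server
 host 192.168.10.200
 nat (inside,outside) static interface service tcp 3306 3306
object network legacy-server
 host 192.168.10.50
 nat (inside,outside) static interface
object network 192.168.10.100
 nat (inside,outside) static interface service tcp www 88
"""

NAMED_PORTS = {"www": 80, "https": 443, "ssh": 22}  # subset of ASA port names
NAT_RE = re.compile(
    r"nat \((\S+),(\S+)\) static (\S+)(?: service (tcp|udp) (\S+) (\S+))?$")

def port(token):
    """Translate an ASA port keyword or number to an int (None if absent)."""
    return None if token is None else NAMED_PORTS.get(token) or int(token)

def parse_forwards(config):
    """Return one dict per object NAT rule found in the configuration text."""
    hosts, rules, obj = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("object network "):
            obj = line.split()[2]
        elif obj and line.startswith("host "):
            hosts[obj] = line.split()[1]
        elif obj and (m := NAT_RE.match(line)):
            _, _, mapped, proto, real_p, mapped_p = m.groups()
            rules.append(dict(object=obj, mapped=mapped, proto=proto,
                              real_port=port(real_p), mapped_port=port(mapped_p)))
    for rule in rules:  # the host line may sit in a separate stanza
        rule["host"] = hosts.get(rule["object"])
    return rules

def all_port_interface_nat(rules):
    """Objects whose rule redirects every port of the interface address."""
    return [r["object"] for r in rules
            if r["mapped"] == "interface" and r["proto"] is None]

if __name__ == "__main__":
    print(all_port_interface_nat(parse_forwards(SAMPLE)))
```
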
