Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Static NAT. 1 IP for 2 different Server.

Hello All,

Firstable thank you for your help.

I just have 1 public ip address for my network. This ip address is set in my outside interface on the ASA. It is the one I use for NAT and allow user from  inside network to access Internet. Also I have a web server running on a inside server.

My question is if I can use the only one public ip address I have in the outside interface on my ASA and set a static NAT for the web server internal ip address (private) and create a ACL to allow access from Internet to my Internal web server.

Thank you.

2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: Static NAT. 1 IP for 2 different Server.

That's OK. It's just telling us that we are NAT'ing all ports. We can NAT just a single port with a command like this-

object network 192.168.10.100

nat (inside,outside) static interface service tcp www www

Re: Static NAT. 1 IP for 2 different Server.

Below I am assuming that port 88 is the port on the outside and it's being translated to port 80 on the server.

object network 192.168.10.100

nat (inside,outside) static interface service tcp www 88

We can only have 1 NAT per object so we have to create another object even though it is the same public IP.


object network mysql-server

host 192.168.10.200

nat (inside,outside) static interface service tcp 3306 3306

9 REPLIES

Re: Static NAT. 1 IP for 2 different Server.

Yes you can. First you build your object for the server

object network 192.168.10.100

host 192.168.10.100

description Web Server

Then build your nat

object network 192.168.10.100

nat (inside,outside) static [your public IP]

Then your ACL

access-list outside-in extended permit tcp any host [your public IP] eq 80

Then apply the ACl to the interface in the inbound direction

access-group outside-in in interface outside


New Member

Re: Static NAT. 1 IP for 2 different Server.

Hi Collin,

Thank you for your help.

I tried to do the steps you gave me and the ASA gives me this Error.

ERROR: Address (public address) overlaps with outside interface address.

ERROR: NAT Policy is not downloaded

Any idea ?

Thank you.

Re: Static NAT. 1 IP for 2 different Server.

Let's try the interface keyword instead of the actual IP.

object network 192.168.10.100

nat (inside,outside) static interface

New Member

Re: Static NAT. 1 IP for 2 different Server.

Hi Collin,

with this

object network 192.168.10.100

nat (inside,outside) static interface

Result:

WARNING: All traffic destined to the IP address of the outside interface is being redirected.

WARNING: Users may not be able to access any service enabled on the outside interface.

Thank you.

Re: Static NAT. 1 IP for 2 different Server.

That's OK. It's just telling us that we are NAT'ing all ports. We can NAT just a single port with a command like this-

object network 192.168.10.100

nat (inside,outside) static interface service tcp www www

New Member

Re: Static NAT. 1 IP for 2 different Server.

Hi Collin,

What about if I want just the 88 port for http access and 3306 for mysql ?

thank you so much

Re: Static NAT. 1 IP for 2 different Server.

Below I am assuming that port 88 is the port on the outside and it's being translated to port 80 on the server.

object network 192.168.10.100

nat (inside,outside) static interface service tcp www 88

We can only have 1 NAT per object so we have to create another object even though it is the same public IP.


object network mysql-server

host 192.168.10.200

nat (inside,outside) static interface service tcp 3306 3306

New Member

Re: Static NAT. 1 IP for 2 different Server.

Thank you Collin, so thats the trick 2 different objects !!!

beatiful , thank you so much !!!

Re: Static NAT. 1 IP for 2 different Server.

Yeah, kinda goofy if you ask me

Glad it helped and thanks for rating.

133
Views
0
Helpful
9
Replies
CreatePlease login to create content