topic thanksI have tested above in Network Security

two public ip with single inside ip natt

dabur10376004 — Tue, 12 Mar 2019 04:43:09 GMT

I am using Cisco ASA 5512-X with ios 9.1(2).

Our Server Local ip is 192.168.1.118 & it is natted with public ip 12.12.12.2 & TCP Ports 80 is open. command is given as below.

object network obj-192.168.1.118

description Server

host 192.168.1.118

nat (inside,outside) static 12.12.12.2

access-list 100 extended permit tcp any host 192.168.1.118 eq 80

access-group 100 in interface outside

above configuration is working.

New Requirement:

Additionally we need to Natt same Server Local ip is 192.168.1.118 with different Public ip 12.12.12.5 & open the TCP port 3389.

Kindly help us to do this.

Thanks

Vinod Kumar Gupta

The easiest is to just add a

Karsten Iwen — Sat, 06 Sep 2014 20:46:03 GMT

The easiest is to just add a port-forward for that particle service:

object network obj-192.168.1.118-RDP host 192.168.1.118 nat (inside,outside) static 12.12.12.5 service tcp 3389 3389 access-list 100 extended permit tcp any host 192.168.1.118 eq 3389

But if it's the same internal server, you also could use the existing NAT (with IP 12.12.12.2) and just extend your ACL with the above line. That could be much easer to understand for someone reading the config if a single internal server has always the IP on the outside.

thanksI have tested above

dabur10376004 — Sat, 06 Sep 2014 21:53:23 GMT

thanks

I have tested above solution for port farwarding . The service is getting telnet on public ip 12.12.12.5 on port 3389 but the ip address 12.12.12.5 is not pinging from outside while 12.12.12.2 is pinging.

Please suggest.

Yes, that's the configuration

Karsten Iwen — Sat, 06 Sep 2014 22:03:46 GMT

Yes, that's the configuration. For .5 only RDP is forwarded to the internal server. If you really want many services to the server, you really should run them all over the same public IP. That makes the config less complex. And complexity is one of the enemies of security.