https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031262#M398697 <HTML><HEAD></HEAD><BODY><P>yeas you are correct, i hope the earlier nat also port based not the ip to IP</P><P></P><P></P><P>Harish.</P></BODY></HTML> Thu, 27 Sep 2012 13:30:40 GMT Harish Balakrishnan 2012-09-27T13:30:40Z https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031257#M398692 <P>Client has a block of 5 static IP's for the ISP.&nbsp; They currently have them all in use and set up with static nat (Inside,outside) commands.&nbsp; They are adding a new web application and ftp server that will need to be accessed from the outside.&nbsp; Is it possible to use one public&nbsp; IP address and just use PAT to get to everything?&nbsp; If so, how would I set that up.</P><P></P><P>Below is a portion of the config that they have now, if I use PAT, does this all need removed and changed?&nbsp; I'm really confused on how this would all work, any help is appreciated.</P><P></P><P>object network obj-192.168.1.0 </P><P>subnet 192.168.1.0 255.255.255.0</P><P>object network obj-192.168.2.0 </P><P>subnet 192.168.2.0 255.255.255.0</P><P>object network obj-192.168.3.0 </P><P>subnet 192.168.3.0 255.255.255.0</P><P>object network obj-192.168.1.2 </P><P>host 192.168.1.2</P><P>object network obj-192.168.1.7 </P><P>host 192.168.1.7</P><P>object network obj_any </P><P>subnet 0.0.0.0 0.0.0.0</P><P>object network NETWORK_OBJ_192.168.2.0_24 </P><P>subnet 192.168.2.0 255.255.255.0</P><P>object network obj-192.168.1.2</P><P>nat (inside,outside) static xx.xx.xx.203 dns</P><P>object network obj-192.168.1.7</P><P>nat (inside,outside) static xx.xx.xx.201 dns</P><P>object network obj_any</P><P>nat (inside,outside) dynamic xx.xx.xx.204<SPAN id="mce_marker"> </SPAN></P> Tue, 12 Mar 2019 00:00:03 GMT https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031257#M398692 sonitadmin 2019-03-12T00:00:03Z https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031258#M398693 <HTML><HEAD></HEAD><BODY><P>Hello Sonit</P><P></P><P> if you have one public IP free and the new app lication are in different servers ( different private IP's) you can do port based natting to allow communication from outside.. </P><P></P><P></P><P>Harish.</P></BODY></HTML> Thu, 27 Sep 2012 13:18:14 GMT https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031258#M398693 Harish Balakrishnan 2012-09-27T13:18:14Z https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031259#M398694 <HTML><HEAD></HEAD><BODY><P> Currently there are no public IP's free.&nbsp; I am trying to consolidate by using PAT.&nbsp; Can this be done?</P><P></P><P>Thanks!</P></BODY></HTML> Thu, 27 Sep 2012 13:21:39 GMT https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031259#M398694 sonitadmin 2012-09-27T13:21:39Z https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031260#M398695 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>As long as that port is not in use by the internal server that is mapped with the public IP address I think it should work.</P><P></P><P>Just make sure you use a Manual NAT so it will take precedence over the Object NAT configuration you have in place. </P><P></P><P></P><P>nat (inside,outside) source static <PRIVATE_IP><PUBLIC_IP> service <SERVICE> <SERVICE></SERVICE></SERVICE></PUBLIC_IP></PRIVATE_IP></P><P></P><P>*Make sure you create all the required groups (network-ojects, object-service)</P><P></P><P>Luis</P></BODY></HTML> Thu, 27 Sep 2012 13:22:26 GMT https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031260#M398695 Luis Silva Benavides 2012-09-27T13:22:26Z https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031261#M398696 <HTML><HEAD></HEAD><BODY><P> So let's say that I have a public IP 50.50.50.50 that is already in a static nat command to internal 192.168.1.2 and access list setup to allow pop, http, https, and smtp to this server.</P><P></P><P>I cannot setup the above and tell it to use the same 50.50.50.50 address for http but point it to another server?</P></BODY></HTML> Thu, 27 Sep 2012 13:28:05 GMT https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031261#M398696 sonitadmin 2012-09-27T13:28:05Z https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031262#M398697 <HTML><HEAD></HEAD><BODY><P>yeas you are correct, i hope the earlier nat also port based not the ip to IP</P><P></P><P></P><P>Harish.</P></BODY></HTML> Thu, 27 Sep 2012 13:30:40 GMT https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031262#M398697 Harish Balakrishnan 2012-09-27T13:30:40Z https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031263#M398698 <HTML><HEAD></HEAD><BODY><P> So with all the current IP's in use to a port (static nat command) already, would it be easier to get a bigger block and just change IP's?</P></BODY></HTML> Thu, 27 Sep 2012 13:36:23 GMT https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031263#M398698 sonitadmin 2012-09-27T13:36:23Z https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031264#M398699 <HTML><HEAD></HEAD><BODY><P> If it urgent, </P><P></P><P>you can select one public IP which is not using for web/ftp and that can be used for setting up the existing and the new appkications based on port..</P><P>for example your 50.50.50.50 is being used for only smtp but it is natted to IP to IP</P><P></P><P>that has to be changed&nbsp; 3 different port based nat, for smtp ( existing), ftp &amp; web ( new)..</P><P>getting a new pool or expanding the pool, is really depend on your provider</P><P></P><P>hope this helps</P><P></P><P></P><P>Please rate helpful posts</P><P>Harish.</P></BODY></HTML> Thu, 27 Sep 2012 13:44:04 GMT https://community.cisco.com/t5/network-security/setting-up-pat/m-p/2031264#M398699 Harish Balakrishnan 2012-09-27T13:44:04Z