https://community.cisco.com/t5/network-security/asa-nat-setup-question/m-p/483188#M427572 <HTML><HEAD></HEAD><BODY><P>I am not sure how it can be done in ASA but should be similar to how it is done in FWSM/PIX. What you need is Static PAT where you map the same global IP to different ports on indivudual app servers internally.</P><P></P><P>Following example would give you better idea about things</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_3/fwsm_cfg/nat.htm#wp1159124" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_3/fwsm_cfg/nat.htm#wp1159124</A></P><P></P><P></P><P>Hope this helps</P></BODY></HTML> Wed, 25 Jan 2006 01:31:18 GMT varakantam 2006-01-25T01:31:18Z https://community.cisco.com/t5/network-security/asa-nat-setup-question/m-p/483187#M427571 <P>I am converting from a symantec enterprise firewall to a cisco asa 5510. Currently I have it setup so that any traffic designated for my external firewall port using port 80 gets directed to a web server and anything using port 25 gets directed to my smtp mail server. How do I set this up in the ASA? Do I have to use 2 external IP's each natted to the proper IP or can I share one like I am currently doing?</P><P></P><P>I have a few extra public IP's. I added one of them as a host and tried to configure it to nat to my internal web server and created a rule allowing port 80 traffic from any external entity to this web server. Every time I test it I get a tcp syn timeout. </P><P></P><P>I am a beginner with the cisco so I assume its something I am doing wrong. Anyone have any advice?</P><P></P><P> </P> Fri, 21 Feb 2020 08:39:59 GMT https://community.cisco.com/t5/network-security/asa-nat-setup-question/m-p/483187#M427571 dstjames123 2020-02-21T08:39:59Z https://community.cisco.com/t5/network-security/asa-nat-setup-question/m-p/483188#M427572 <HTML><HEAD></HEAD><BODY><P>I am not sure how it can be done in ASA but should be similar to how it is done in FWSM/PIX. What you need is Static PAT where you map the same global IP to different ports on indivudual app servers internally.</P><P></P><P>Following example would give you better idea about things</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_3/fwsm_cfg/nat.htm#wp1159124" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_3/fwsm_cfg/nat.htm#wp1159124</A></P><P></P><P></P><P>Hope this helps</P></BODY></HTML> Wed, 25 Jan 2006 01:31:18 GMT https://community.cisco.com/t5/network-security/asa-nat-setup-question/m-p/483188#M427572 varakantam 2006-01-25T01:31:18Z https://community.cisco.com/t5/network-security/asa-nat-setup-question/m-p/483189#M427573 <HTML><HEAD></HEAD><BODY><P>Thanks for the link. I think I have added the PAT lines I need but now I am getting ACL errors. I created a rule allowing all TCP port 80 traffic from the outside to my internal web server at 192.168.1.10. But I keep getting a TCP access denied by ACL from 192.168.1.49/1787 (my IP) to inside 69.220.58.91/80 (the IP of my external port on the firewall. Here are my access rules:</P><P></P><P>access-list outside_access_in extended permit tcp any host 69.220.58.91 eq www</P><P>access-list outside_access_out extended permit tcp host 69.220.58.91 any eq www</P><P></P><P>Again this is how it is setup on my symantec firewall so I dont understand why it doesnt work on the cisco. </P></BODY></HTML> Wed, 25 Jan 2006 15:28:35 GMT https://community.cisco.com/t5/network-security/asa-nat-setup-question/m-p/483189#M427573 dstjames123 2006-01-25T15:28:35Z