https://community.cisco.com/t5/network-security/urgent-static-nat-using-multiple-external-address/m-p/1290698#M791827 <HTML><HEAD></HEAD><BODY><P>vikram's solution will still not work. The ASA will give an error.</P><P>It cannot be done.</P><P></P><P>PK</P></BODY></HTML> Wed, 11 Nov 2009 16:41:50 GMT Panos Kampanakis 2009-11-11T16:41:50Z https://community.cisco.com/t5/network-security/urgent-static-nat-using-multiple-external-address/m-p/1290694#M791823 <P>Hello,</P><P></P><P>I have a question about Static NAT. </P><P>My client use a Linux Firewall for Connection partners using L2L (about 70). He bought two 5520 to replace the current Linux Firewall. I conducted a survey of access rules for migration of the firewall and I have problems with some rules for nat statico. Today many clients connect to an external address static nat configured in Firewall for port redirection, but this by using multiple outside addresses to the same address inside. As we know there is a limitation to this configuration when using NAT on the ASA / PIX. Next example below:</P><P>static (inside,outside) tcp 200.200.200.10 80 10.10.10.10 netmask 255.255.255.255 80</P><P></P><P>static (inside,outside) tcp 200.200.200.20 80 10.10.10.10 netmask 255.255.255.255 80</P><P></P><P>Have any tips on how I can treat this type of NAT? </P><P>The client is even thinking about rolling back the purchase of Cisco ASA due to this limitation. </P><P></P><P>Can you help?</P><P> </P><P>Thank you very much !!</P><P></P><P>Att:</P><P>Rubens</P> Mon, 11 Mar 2019 16:38:42 GMT https://community.cisco.com/t5/network-security/urgent-static-nat-using-multiple-external-address/m-p/1290694#M791823 rubens.palhoni 2019-03-11T16:38:42Z https://community.cisco.com/t5/network-security/urgent-static-nat-using-multiple-external-address/m-p/1290695#M791824 <HTML><HEAD></HEAD><BODY><P>Rubens,</P><P></P><P>That cannot be implemented on an ASA. With statics, or even policy statics it won't work. The ASA will complain about mapped address conflicts.</P><P></P><P>The question would be why do you want to do that?</P><P></P><P>PK</P></BODY></HTML> Tue, 10 Nov 2009 20:04:03 GMT https://community.cisco.com/t5/network-security/urgent-static-nat-using-multiple-external-address/m-p/1290695#M791824 Panos Kampanakis 2009-11-10T20:04:03Z https://community.cisco.com/t5/network-security/urgent-static-nat-using-multiple-external-address/m-p/1290696#M791825 <HTML><HEAD></HEAD><BODY><P>Hi PK,</P><P></P><P>Exactly right. I know that conflicts, but the client is very moroless because it uses a Linux configuration that accomplishe this without major problems. Posted this case here, to verify together if</P><P>can find a solution rsrsrsr ...</P></BODY></HTML> Tue, 10 Nov 2009 20:18:33 GMT https://community.cisco.com/t5/network-security/urgent-static-nat-using-multiple-external-address/m-p/1290696#M791825 rubens.palhoni 2009-11-10T20:18:33Z https://community.cisco.com/t5/network-security/urgent-static-nat-using-multiple-external-address/m-p/1290697#M791826 <HTML><HEAD></HEAD><BODY><P>you might want to check this</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807d2874.shtml" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807d2874.shtml</A></P><P></P><P>and restrict the access to port 80 with a access-list on the outside interface. Not sure if this would work with ports in either access-list or static.</P></BODY></HTML> Wed, 11 Nov 2009 02:04:51 GMT https://community.cisco.com/t5/network-security/urgent-static-nat-using-multiple-external-address/m-p/1290697#M791826 vikram_anumukonda 2009-11-11T02:04:51Z https://community.cisco.com/t5/network-security/urgent-static-nat-using-multiple-external-address/m-p/1290698#M791827 <HTML><HEAD></HEAD><BODY><P>vikram's solution will still not work. The ASA will give an error.</P><P>It cannot be done.</P><P></P><P>PK</P></BODY></HTML> Wed, 11 Nov 2009 16:41:50 GMT https://community.cisco.com/t5/network-security/urgent-static-nat-using-multiple-external-address/m-p/1290698#M791827 Panos Kampanakis 2009-11-11T16:41:50Z