https://community.cisco.com/t5/network-security/static-nat-question/m-p/1219766#M861412 <HTML><HEAD></HEAD><BODY><P>Kunal</P><P></P><P>See this recent thread discussing the same issue - </P><P></P><P><A class="jive-link-custom" href="http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Security&amp;topic=Firewalling&amp;topicID=.ee6e1fa&amp;fromOutline=&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd28488" target="_blank">http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Security&amp;topic=Firewalling&amp;topicID=.ee6e1fa&amp;fromOutline=&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd28488</A></P><P></P><P>Jon</P></BODY></HTML> Mon, 30 Mar 2009 18:59:20 GMT Jon Marshall 2009-03-30T18:59:20Z https://community.cisco.com/t5/network-security/static-nat-question/m-p/1219765#M861411 <P>Hi folks - </P><P></P><P>I have a host in the DMZ that has a one-2-one static NAT on an ASA 5510. The IP address of the host in the DMZ is 192.168.128.20. Now we have added two more hosts in the DMZ that have been clustered with 192.168.128.20. The IP addresses of two additional hosts in the cluster is 192.168.128.26 &amp; .28. </P><P></P><P>Now when communication goes out from the server cluster in the DMZ, I've been told the cluster will choose any IP address (.20, .26 or .28) for outbound communication. I added another NAT statement on the 5510 that NAT's .26 &amp; .28 to a public IP address. This public IP address is different from the public IP address that has been assigned to .20. </P><P></P><P>So my question is, Can I have the below configuration without causing any problems? My goal is to keep the static NAT that is in place for .20, and also NAT .26 and .28 to the same public IP address as .20. Also, when vendors communicate with the server cluster in the DMZ, they use the IP address of 99.99.99.100 (not the real address ofcourse!!)</P><P></P><P>static (dmz,outside) 99.99.99.100 192.168.128.20 netmask 255.255.255.255</P><P></P><P>access-l TEST extended per ip host 192.168.128.20 any</P><P>access-l TEST extended per ip host 192.168.128.26 any</P><P>access-l TEST extended per ip host 192.168.128.28 any</P><P></P><P>static (dmz,outside) 99.99.99.100 access-l TEST </P> Mon, 11 Mar 2019 15:12:12 GMT https://community.cisco.com/t5/network-security/static-nat-question/m-p/1219765#M861411 ksarin123_2 2019-03-11T15:12:12Z https://community.cisco.com/t5/network-security/static-nat-question/m-p/1219766#M861412 <HTML><HEAD></HEAD><BODY><P>Kunal</P><P></P><P>See this recent thread discussing the same issue - </P><P></P><P><A class="jive-link-custom" href="http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Security&amp;topic=Firewalling&amp;topicID=.ee6e1fa&amp;fromOutline=&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd28488" target="_blank">http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Security&amp;topic=Firewalling&amp;topicID=.ee6e1fa&amp;fromOutline=&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd28488</A></P><P></P><P>Jon</P></BODY></HTML> Mon, 30 Mar 2009 18:59:20 GMT https://community.cisco.com/t5/network-security/static-nat-question/m-p/1219766#M861412 Jon Marshall 2009-03-30T18:59:20Z https://community.cisco.com/t5/network-security/static-nat-question/m-p/1219767#M861414 <HTML><HEAD></HEAD><BODY><P>Jon - </P><P></P><P>Thanks for your prompt response. However, my situation is slightly different. I am looking to keep the static NAT in place (for .20) but also NAT .26 and .28 to the same public IP addresses as .20. </P><P></P><P>So I am looking to map a single public IP address to multiple hosts inside.</P><P> </P></BODY></HTML> Mon, 30 Mar 2009 19:27:34 GMT https://community.cisco.com/t5/network-security/static-nat-question/m-p/1219767#M861414 ksarin123_2 2009-03-30T19:27:34Z