https://community.cisco.com/t5/network-security/policy-nat/m-p/1185931#M877752 <HTML><HEAD></HEAD><BODY><P>You can try these configs</P><P>Assuming that the src traffic is 10.18.1.0 dst is 172.16.1.1:8080</P><P>access-list Policy10 x.x.x.x y.y.y.y where x.x.x.x is the src/subnet and y.y.y.y is the dest </P><P>static (inside,outside) 192.168.1.1 access-list Policy10 </P><P>access-list Policy20 x.x.x.x y.y.y.y where x.x.x.x= src of traffic and y.y.y.y dest of trafic </P><P>static (insode,outside) 192.168.1.2 access-list Policy20 </P><P>This means that xlate when the access-list triggers (src,dst) of traffic</P><P></P><P></P><P></P></BODY></HTML> Thu, 15 Jan 2009 19:15:37 GMT sdoremus33 2009-01-15T19:15:37Z https://community.cisco.com/t5/network-security/policy-nat/m-p/1185930#M877751 <P>Hi All, </P><P>i am trying to prepare for exam and i'm bit stuck with this scenario in my lab. Could someone help me with this? I'm trying to nat one outside global ip address and tcp port to two different inside server based on source ip address.</P><P>I have two user pools 10.18.1.0/24 and 10.18.2.0/24 and all users are set to use proxy server 172.16.1.1:8080. That proxy sever was nated on FWSM to 192.168.1.1, but now i want to split the load and want to nat one user subnet (10.18.1.0/24) to 192.168.1.1 and second user subnet to 192.168.1.2. </P><P>What i did is i've configured two access-list's </P><P>ACL1:</P><P>access-list permit tcp host 192.168.1.1 eq 8080 10.18.1.0 255.255.255.0 eq 8080</P><P>ACL2:</P><P>access-list permit tcp host 192.168.1.2 eq 8080 10.18.2.0 255.255.255.0 eq 8080</P><P>i can apply one static:</P><P>static (inside,outside) tcp 172.16.1.1 8080 access-list ACL1 </P><P>fwsm accepts this command but when i try to apply second static:</P><P>static (inside,outside) tcp 172.16.1.1 8080 access-list ALC2 </P><P>i'm getting error that global already used.</P><P>What am i doing wrong here?</P><P>Thanks</P> Mon, 11 Mar 2019 14:36:15 GMT https://community.cisco.com/t5/network-security/policy-nat/m-p/1185930#M877751 darius.liepuonis 2019-03-11T14:36:15Z https://community.cisco.com/t5/network-security/policy-nat/m-p/1185931#M877752 <HTML><HEAD></HEAD><BODY><P>You can try these configs</P><P>Assuming that the src traffic is 10.18.1.0 dst is 172.16.1.1:8080</P><P>access-list Policy10 x.x.x.x y.y.y.y where x.x.x.x is the src/subnet and y.y.y.y is the dest </P><P>static (inside,outside) 192.168.1.1 access-list Policy10 </P><P>access-list Policy20 x.x.x.x y.y.y.y where x.x.x.x= src of traffic and y.y.y.y dest of trafic </P><P>static (insode,outside) 192.168.1.2 access-list Policy20 </P><P>This means that xlate when the access-list triggers (src,dst) of traffic</P><P></P><P></P><P></P></BODY></HTML> Thu, 15 Jan 2009 19:15:37 GMT https://community.cisco.com/t5/network-security/policy-nat/m-p/1185931#M877752 sdoremus33 2009-01-15T19:15:37Z https://community.cisco.com/t5/network-security/policy-nat/m-p/1185932#M877753 <HTML><HEAD></HEAD><BODY><P>Thanks i will try that</P></BODY></HTML> Mon, 19 Jan 2009 16:43:14 GMT https://community.cisco.com/t5/network-security/policy-nat/m-p/1185932#M877753 darius.liepuonis 2009-01-19T16:43:14Z https://community.cisco.com/t5/network-security/policy-nat/m-p/1185933#M877754 <HTML><HEAD></HEAD><BODY><P>Did this work for you, just checking...</P></BODY></HTML> Tue, 20 Jan 2009 05:24:14 GMT https://community.cisco.com/t5/network-security/policy-nat/m-p/1185933#M877754 sdoremus33 2009-01-20T05:24:14Z