Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
437
Views
0
Helpful
5
Replies

NAT on ASA 5510

rv_viji
Level 1
Level 1

‎03-20-2007 01:25 AM - edited ‎03-11-2019 02:49 AM

Hi,

I have the following requirement....

I would like to NAT 3 public ip addresses to one inside ip address and same destination port.

What I mean is.... say for example I have the following 3 public ip address 85.x.x.1, 85.x.x.2 & 85.x.x.3.... so whenever anybody from internet trys to access 85.x.x.1-3 on say tcp port number 25 it should get translated to the one single inside ip 10.x.x.10 tcp port 25....

Hope my requirement is clear...

How to acheive this ?? anybody suggest me on this pls...

Regards

Labels:
0 Helpful
5 Replies 5

vernon-lee
Level 1
Level 1

‎03-20-2007 07:36 AM

This should be simple enough. Do you want to send ports to different internal servers? or a simple one to one nat?

if you want a simple one to one nat, just click on the NAT tab on the configuration screen, and create a nat from the Private IP to the Public or External IP. You should be able to make as many as you want.

If you want to route say port 25 to a different server, and have say port 80 go to a different server, the process is simular, however use the PAT "Port Address Translation" checkbox.

I hope this helps.

0 Helpful

acomiskey
Level 10
Level 10

‎03-20-2007 07:46 AM

If you attempt the following...

static (inside,outside) 85.x.x.1 10.x.x.10 netmask 255.255.255.255

static (inside,outside) 85.x.x.2 10.x.x.10 netmask 255.255.255.255

or

static (inside,outside) tcp 85.x.x.1 smtp 10.x.x.10 smtp netmask 255.255.255.255

static (inside,outside) tcp 85.x.x.2 smtp 10.x.x.10 smtp netmask 255.255.255.255

you will receive this "ERROR: duplicate of existing static".

0 Helpful

rv_viji
Level 1
Level 1
In response to acomiskey

‎03-20-2007 10:01 PM

Hi,

Yes acomiskey, I'm getting the same error and I really want to acheive the same as you had mentioned.... so whats the way out to solve this issue....

It would be of really a great help if someone help me to solve this issue....

Thanks

0 Helpful

acomiskey
Level 10
Level 10
In response to rv_viji

‎03-21-2007 08:27 AM

Not sure that you can do that, but you can do this..

static (inside,outside) tcp 85.x.x.1 smtp 10.x.x.10 smtp netmask 255.255.255.255

static (inside,outside) tcp 85.x.x.2 www 10.x.x.10 www netmask 255.255.255.255

0 Helpful

jefforsi
Level 1
Level 1
In response to rv_viji

‎06-12-2007 09:00 PM

Hi,

I'm running the same limitation, where my customer has only one SPAM/Relay, wich is the Barracuda that serves two different domains, so each domain has a unique MX, lets say IP "1.1.1.1" for domain "A.COM" and IP "2.2.2.2" for domain "B.COM".

So I tried exactly the same, doing:

static (inside,outside) tcp 1.1.1.1 25 X.X.X.X 25 netmask 255.255.255.255 0 0

static (inside,outside) tcp 2.2.2.2 25 X.X.X.X 25 netmask 255.255.255.255 0 0

In this case, run the MX on different IPs is required to do right reverse DNS lookups.

So, the idea is to have one local IP being NATed to two global IPs.

Today, he haves a linux based firewall that allows it, so is very complicated to explain why Cisco can?t do that...

If you found some solution, please notify me.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card