nat question, one outside IP mapped to two different inside ip and ports

christian.geissler · ‎05-10-2012

Hi

Need help

i want to nat one outside IP x.x.x.x port 80 to DMZ host y.y.y.y port 80

then IP x.x.x.x port 443 to DMZ host y.y.y.y port 443

and outside IP x.x.x.x port 8443 to DMZ host z.z.z.z port 8443

outside IP x.x.x.x port 8080 to DMZ host z.z.z.z port 8080

No Idea...

regards

Chris

ajay chauhan · ‎05-11-2012

You can very well do it this is called port forwarding .

command will depend on ASA version of software you are using.

christian.geissler · ‎05-11-2012

Sorry foget to say i use version 8.4.2 .

varrao · ‎05-11-2012

Hi Christian,

You need this configuration:

object network obj-x.x.x.x

host x.x.x.x

object network obj-y.y.y.y

host y.y.y.y

object network obj-z.z.z.z

host z.z.z.z

object service tcp_80

service tcp destination eq 80

object service tcp_443

service tcp destination eq 443

object service tcp_8443

service tcp destination eq 8443

object service tcp_8080

service tcp destination eq 8080

nat (outside,inside) source static any any destination static obj-x.x.x.x obj-y.y.y.y service tcp_80 tcp_80

nat (outside,inside) source static any any destination static obj-x.x.x.x obj-y.y.y.y service tcp_443 tcp_443

nat (outside,inside) source static any any destination static obj-x.x.x.x obj-z.z.z.z service tcp_8443 tcp_8443

nat (outside,inside) source static any any destination static obj-x.x.x.x obj-z.z.z.z service tcp_8080 tcp_8080

If the outside Ip is the outside interface IP, then just replace "obj-x.x.x.x" with the keyword "interface" in it.

Hoep that helps.

Thanks,

Varun

Thanks,
Varun Rao