Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
336
Views
0
Helpful
4
Replies

two public natted to single private

Go to solution
lcaruso
Level 6
Level 6

‎02-28-2013 12:33 PM - edited ‎03-11-2019 06:07 PM

Hi,

As long as this is for inbound traffic only, I'm assuming this will not cause problems?

Two different public ips on the outside interface (doesn't include the interface ip) static natted to a single dmz host.

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to lcaruso

‎02-28-2013 12:51 PM

Hi,

I think it should work in the way you describe.

If connections are opened from the "outside" there should be no problem.

On the other hand if the server opens the connections at some point, it will only be using only one of the Static NAT configurations when connecting "outside". And the the Static NAT used for outbound connections would be chosen according to how the ASA handles NAT order of operations.

- Jouni

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎02-28-2013 12:39 PM

Hi,

You mean that you want 2 public IP addresses for a single DMZ host IP address?

Is theres a specific reason for this kind of setup and what is it?

I guess you can configure this but for it to actually have any possibility to work you have to somehow specify when each public IP address is used.

Can you first clarify the reasoning for looking for this kind of NAT setup and then we could look into the actual configuration.

Also mention your device software version.

- Jouni

0 Helpful

Go to solution
lcaruso
Level 6
Level 6
In response to Jouni Forss

‎02-28-2013 12:44 PM

Thanks for your reply. IOS is 8.3(2).

The webmaster specified that setup. Domain names resolve to the seperate outside address.

name1.domain.com = > public ip 1 => dmz host foo

name2.domain.com => public ip 2 => dmz host foo

dmz host foo uses http headers to determine which website traffic is sent to

My understanding was as long as the traffic is initiated inbound, this would work okay.

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to lcaruso

‎02-28-2013 12:51 PM

Hi,

I think it should work in the way you describe.

If connections are opened from the "outside" there should be no problem.

On the other hand if the server opens the connections at some point, it will only be using only one of the Static NAT configurations when connecting "outside". And the the Static NAT used for outbound connections would be chosen according to how the ASA handles NAT order of operations.

- Jouni

0 Helpful

Go to solution
lcaruso
Level 6
Level 6
In response to Jouni Forss

‎02-28-2013 01:03 PM

Seems to be working in testing as you describe.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card