Solved: Re: Multiple external static addresses NATed to one internal address?

WolfR1der · ‎10-19-2023

The current devices we're working with are old Cisco ASAs but are to be replaced soon with FPR firewalls.

Because of the way we had our network was setup early on we have a few servers with multiple external and internal IP addresses. This is mostly due to how our clients have their networks set up and what subnet ranges were available. This is also due to the fact that our clients are still required to access us via B2B IPSec. These services are not yet available via the open Internet. That's coming either 2024 or 25.

Example:
Internal Network 10.2.1.0/24
Client group 1 allows 10.0.10.0/24
Client group 2 allows 10.0.20.0/24
Client group 3 allows 172.16.10.0/24
Client group 4 allows 192.168.0.0/24
This server in the example has four IP addresses: 10.2.1.10, 10.2.1.11, 10.2.1.12, 10.2.1.13

Thus the NATs we have:
10.0.10.10 -- 10.2.1.10
10.0.20.10 -- 10.2.1.11
172.16.10.10 -- 10.2.1.12
192.168.0.10 -- 10.2.1.13

We have a few servers like this. Is there a way to policy NAT these all to the first IP instead of wasting three extra addresses? There's a ton of info on NAT but not a lot for this particular problem. Or maybe I'm missing it.

MHM Cisco World · ‎10-19-2023

If you use port then you can make all four server use same one IP.

View solution in original post

MHM Cisco World · ‎10-19-2023

If you use port then you can make all four server use same one IP.

WolfR1der · ‎10-20-2023

That's pretty much what I thought the only solution might be though I thought there would be a policy based solution. Thanks for the answer.