Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2995
Views
0
Helpful
8
Replies

ASA secondary IP address configuration

Go to solution
Izac ICT
Level 1
Level 1

‎09-23-2016 02:55 AM - edited ‎03-12-2019 01:18 AM

Dear all,

I have Asa5510 and 8 public IP addresses. I want to configure NAT to my second exchange server but how can I do that?

Currently Outside interface configured like that:

xxx.xxx.xxx.123

255.255.255.248

ISP router is xxx.xxx.xxx.121

When I try to create sub interface(xxx.xxx.xxx.126) it gives error that "The IP address, xxx.xxx.xxx.126/ 255.255.255.248, cannot overlap with the subnet of interface Outside".

I want to map my second exchange server to smtp and https ports. 

Thank you very much in advance for your help.

Kind regards,

IZac

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Pawan Raut
Level 4
Level 4
In response to Izac ICT

‎09-23-2016 04:16 AM

Here you go. Let consider your exchange2 server internal  IP is 10.1.1.1 and external Public IP you want to do NAT is 20.1.1.1

ASA(config)# object network exchang2
ASA(config-network-object)# host 10.1.1.1
ASA(config-network-object)# nat (inside,outside) static 20.1.1.1 service tcp smtp https

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Pawan Raut
Level 4
Level 4

‎09-23-2016 03:13 AM

why you need to create another interface for NAT?

do you want NAT exchange server smtp and https with xxx.xxx.xxx.126 ?

0 Helpful

Go to solution
Izac ICT
Level 1
Level 1
In response to Pawan Raut

‎09-23-2016 03:48 AM

because currently smtp and https ports are forwarded my first exchange 2013 server. I want to have faileover. IF something happens to exch1 there is no email access.

If I forward https and smtp also to exch2 somehow then it wont be problem.

I want to have e-mail failover.

0 Helpful

Go to solution
Pawan Raut
Level 4
Level 4
In response to Izac ICT

‎09-23-2016 03:52 AM

Stll I cat get you what you want to achieve here do you want NAT exh2 with  new Public IP xxx.xxx.xxx.126 ?

0 Helpful

Go to solution
Izac ICT
Level 1
Level 1
In response to Pawan Raut

‎09-23-2016 04:04 AM

Yes. How can I do that?

I want to access both servers externally.

0 Helpful

Go to solution
Pawan Raut
Level 4
Level 4
In response to Izac ICT

‎09-23-2016 04:16 AM

Here you go. Let consider your exchange2 server internal  IP is 10.1.1.1 and external Public IP you want to do NAT is 20.1.1.1

ASA(config)# object network exchang2
ASA(config-network-object)# host 10.1.1.1
ASA(config-network-object)# nat (inside,outside) static 20.1.1.1 service tcp smtp https

0 Helpful

Go to solution
Izac ICT
Level 1
Level 1
In response to Pawan Raut

‎09-23-2016 04:21 AM

Do you think it won`t effect the Exch1? Should add also firewall rules?

0 Helpful

Go to solution
Pawan Raut
Level 4
Level 4
In response to Izac ICT

‎09-23-2016 04:39 AM

It will not impact exch1 communication as you are using different NAT IP for exch1 and exch2. Yeah you need FW rule as well

0 Helpful

Go to solution
Izac ICT
Level 1
Level 1
In response to Pawan Raut

‎09-23-2016 05:07 AM

Thank you very much, it worked. I only directly maped https to https and smtp to smtp

ASA(config)# object network exchang2
ASA(config-network-object)# host 10.1.1.1
ASA(config-network-object)# nat (inside,outside) static 20.1.1.1 service tcp smtp smtp

ASA(config)# object network exchang2https
ASA(config-network-object)# host 10.1.1.1
ASA(config-network-object)# nat (inside,outside) static 20.1.1.1 service tcp htpps https

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card