Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1386
Views
5
Helpful
6
Replies

Can you NAT a single internal IP to multiple public IPs?

Go to solution
Xavier Lloyd
Level 1
Level 1

‎07-12-2011 02:05 PM - edited ‎03-11-2019 01:58 PM

If I have 2 ISPs and a mail server somewhere behind the firewall, can I have 2 public addresses being NATed to a single private address (one for each ISP)?

Assuming that I'm using version 8.4, can the following work without the ASA complaining?

object network mail-server-out1

host 4.4.4.4

object network mail-server-out2

host 5.5.5.5

object network mail-server-in1

host 10.1.1.1

nat (inside,outside1) source static mail-server-in1 mail-server-in1 destination static mail-server-out1 mail-server-out1

object network mail-server-in2

host 10.2.2.2

nat (inside,outside2) source static mail-server-in2 mail-server-in2 destination static mail-server-out2 mail-server-out2

(not sure if the syntax is right...still getting used to the new NAT)

Questions? Thoughts? Ideas?

Thanks much!

Regards

Xavier

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Parminder Sian
Level 1
Level 1

‎07-13-2011 01:20 AM

Hey Xavier,

You can try following :-

object network webServer --------------> Internal server IP

host 192.168.1.99

object network webServerGlobal1 ----------> Global IP

host 209.165.200.225

object network webServerGlobal2 -----------> Global IP

host 209.165.200.226

nat (inside,outside) source static webServer webServerGlobal1 unidirectional

nat (inside,outside) source static webServer webServerGlobal2

With this config, the first nat statement will work in one direction only not bidirectional as in earlier version. So to access the server from outside Second nat statement will work as it is bidirectional and first one wont come in action.

Give it a try and see how it goes.

I hope it works according to what you are palnning on achieving.

Parminder Sian

View solution in original post

0 Helpful
6 Replies 6

Go to solution
varrao
Level 10
Level 10

‎07-12-2011 07:34 PM

Hi Xavier,

That would not be possible, you would be able to access the server from  outside but the return packet would not be able to know from whicj ip address it is supposed to nat, so my suggestion qwould be to use dual nic on your server machine, that would make things easdier for you.

Hope this helps

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
Parminder Sian
Level 1
Level 1

‎07-13-2011 01:20 AM

Hey Xavier,

You can try following :-

object network webServer --------------> Internal server IP

host 192.168.1.99

object network webServerGlobal1 ----------> Global IP

host 209.165.200.225

object network webServerGlobal2 -----------> Global IP

host 209.165.200.226

nat (inside,outside) source static webServer webServerGlobal1 unidirectional

nat (inside,outside) source static webServer webServerGlobal2

With this config, the first nat statement will work in one direction only not bidirectional as in earlier version. So to access the server from outside Second nat statement will work as it is bidirectional and first one wont come in action.

Give it a try and see how it goes.

I hope it works according to what you are palnning on achieving.

Parminder Sian

0 Helpful

Go to solution
Xavier Lloyd
Level 1
Level 1
In response to Parminder Sian

‎07-13-2011 04:52 AM

Hey Parminder,

I forgot about the unidirectional keyword! Thanks man. I don't think I'll be able to test it out 'cause I don't have access to an ASA with 8.4 but it looks like it can work.

I was actually hoping someone would be able to lab it up for me and tell me but I figured it would be a bit much to ask. I'm going to see if I can find a way to try it out a bit later though.

Thanks again!

Xavier

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to Xavier Lloyd

‎07-16-2011 06:31 AM

Hi Xavier,

Did a bit of research and yes we can make it possible, here is a sample configuration for it:

object network mail-server-out1

host 4.4.4.4

object network mail-server-out2

host 5.5.5.5

object network mail-server-in1

host 10.1.1.1

nat (outside1,inside) source static any interface destination static mail-server-out1 mail-server-in1

nat (outside2,inside) source static any interface destination static mail-server-out2 mail-server-in1

I had a simialr config requirement in one of the threads and it worked perfect.

May be you can use it.

Hope this helps,

Thanks,

Varun

Thanks,
Varun Rao

Go to solution
Xavier Lloyd
Level 1
Level 1
In response to varrao

‎07-18-2011 06:52 AM

Cool! I'll try to test it out when I get a chance.

Thanks much Varun!

Cheers

Xavier

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to Xavier Lloyd

‎07-18-2011 07:03 AM

Great!! Sure, do let me know the results...

-Varun

Thanks,
Varun Rao
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card