
CISCO ASA 5500 Multiple NATs

mojalefa1
Level 1

I want to be able to expose a certain internal IP (10.4.4.51) with different public NAT IPs for different clients on the same interface on a Cisco ASA 5500,

e.g. 41.56.46.3 for client 1

196.57.54.3 for client 2

196.30.241.3 for client 3

196.31.45.3 for client 4

How do I achieve this?


Hi,

You need to be running 8.3 or above.

If you have the IPs for the clients (where they are coming from), you can create a policy NAT to expose the internal IP to a different one for each client.

Federico.
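What the per-client policy NAT described in the reply above could look like on 8.3 or later, as an added example that is not part of the thread. The object names, the ACL name and the client source networks (documentation ranges) are assumptions; the server address, public addresses, interface names and port range are the ones given in this thread.

```cisco
! Added example. Object names and client source networks are constructed
! placeholders; replace the CLIENTn-SRC subnets with the real client ranges.
object network SRV-REAL
 host 10.4.4.51
object network SRV-PUB-1
 host 41.56.46.3
object network SRV-PUB-2
 host 196.57.54.3
object network SRV-PUB-3
 host 196.30.241.3
object network SRV-PUB-4
 host 196.31.45.3
!
object network CLIENT1-SRC
 subnet 198.51.100.0 255.255.255.128
object network CLIENT2-SRC
 subnet 198.51.100.128 255.255.255.128
object network CLIENT3-SRC
 subnet 203.0.113.0 255.255.255.128
object network CLIENT4-SRC
 subnet 203.0.113.128 255.255.255.128
!
! Twice NAT: the translation is selected by the peer address. A static
! twice NAT rule is bidirectional, so connections initiated by 10.4.4.51
! towards a client leave with the same public address that client uses
! inbound.
nat (inside,dmz4) source static SRV-REAL SRV-PUB-1 destination static CLIENT1-SRC CLIENT1-SRC
nat (inside,dmz4) source static SRV-REAL SRV-PUB-2 destination static CLIENT2-SRC CLIENT2-SRC
nat (inside,dmz4) source static SRV-REAL SRV-PUB-3 destination static CLIENT3-SRC CLIENT3-SRC
nat (inside,dmz4) source static SRV-REAL SRV-PUB-4 destination static CLIENT4-SRC CLIENT4-SRC
!
! From 8.3 on, interface ACLs match the real (untranslated) server address.
! Permit only the known client ranges and the service ports 1033-1038.
! The ACL name dmz4_in is hypothetical; bind it to dmz4 as your policy requires.
object-group network ALL-CLIENTS
 network-object object CLIENT1-SRC
 network-object object CLIENT2-SRC
 network-object object CLIENT3-SRC
 network-object object CLIENT4-SRC
access-list dmz4_in extended permit tcp object-group ALL-CLIENTS host 10.4.4.51 range 1033 1038
```

`show nat detail` lists each rule with its hit counters, and `packet-tracer` can confirm which rule a given client/server pair matches in each direction.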

mojalefa1
Level 1

I had it configured like this, except this created issues with traffic initiated from 10.4.4.51 (outbound) to the clients, as it wouldn't know which IP to NAT it to as it exits the firewall interface, but inbound traffic worked properly. All the clients connect to a range of ports (1033 - 1038).

access-list test1 permit ip host 10.4.4.51 any

static (inside,dmz4) 41.56.46.3 access-list test1

access-list test2 permit ip host 10.4.4.51 any

static (inside,dmz4) 196.57.54.3 access-list test2

access-list test3 permit ip host 10.4.4.51 any

static (inside,dmz4) 196.30.241.3 access-list test3

access-list test4 permit ip host 10.4.4.51 any

static (inside,dmz4) 196.31.45.3 access-list test4

Basically, my situation is that I have four different groups of clients that need to access a service on 10.4.4.51, but I want each group to connect to a different IP, hence the four-way NAT requirement. One more thing is that 10.4.4.51 also needs to connect to some clients to access services on their side.

What I eventually did was create an object group for each group of clients that need access to a specific external NATted IP, so I had four object-groups. With this I was hoping that it would NAT to a different IP depending on which object group the source IP belongs to, and NAT to the correct external IP. Below are the NAT configurations.

access-list test5 permit ip host 10.4.4.51 object-group test9

static (inside,dmz4) 41.56.46.3 access-list test5

access-list test6 permit ip host 10.4.4.51 object-group test10

static (inside,dmz4) 196.57.54.3 access-list test6

access-list test7 permit ip host 10.4.4.51 object-group test11

static (inside,dmz4) 196.30.241.3 access-list test7

access-list test8 permit ip host 10.4.4.51 object-group test12

static (inside,dmz4) 196.31.45.3 access-list test8

I hope this clarifies my requirement and scenario. Your help will be greatly appreciated.
