Multiple NAT rule is possible????

vipinrajrc
Level 3

Hi Experts,

Is it possible to create multiple NAT rules for a single IP? If yes, how does it work in the case of an Exchange server?

Thanks

Vipin

Thanks and Regards, Vipin
Accepted Solutions

Hi Vipin,

You would need to use policy NAT for it:

access-list abc permit ip host 192.168.10.2 any

access-list xyz permit ip host 192.168.10.2 any

static (inside,outside) 60.60.60.1 access-list abc

static (inside,outside) 70.60.60.2 access-list xyz

Let me know if this works for you.

You can use this thread as reference:

https://supportforums.cisco.com/message/3428828#3428828

Hope this helps

Thanks,

Varun

Thanks,
Varun Rao


Julio Carvajal
VIP Alumni

Hello Vipin,

Let's say that the private IP address of the Exchange server located on the inside interface is 192.168.10.2 and the public one is 60.60.60.1.

So you want to create multiple NAT rules for that server pointing to the same public IP, one on port 25 and the other one on port 389.

So the nat rules are going to be:

static (inside,outside) tcp 60.60.60.1 25 192.168.10.2 25

static (inside,outside) tcp 60.60.60.1 389 192.168.10.2 389

And you can keep doing this with all the ports you need to use for this server.

I hope this helps you. If you need anything else, just let me know.

Best Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi,

Thanks for the reply...

But what about different public IPs to the same private IP???

Say public IP : 60.60.60.1, 70.60.60.2

Private : 192.168.10.2

Thanks

Vipin

Thanks and Regards, Vipin

Hello Vipin,

static (inside,outside) tcp 60.60.60.1 25 192.168.10.2 25

static (inside,outside) tcp 70.60.60.2 389 192.168.10.2 389

If you use port forwarding it should work, but with just a static one-to-one on the ASA I don't think that is going to work, because there is going to be a conflict in the configuration.

Regards.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

It would work, but as per NAT order it would only make outbound connections using the first one. Inbound connections will work for both 60.60.60.1 and 70.70.70.2 (Talking 8.2 and below)

Mike

Mike
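
The NAT-order behaviour described in the last reply, as an added example that is not part of the original thread: a simplified Python model that assumes first-match lookup in configuration order for policy static NAT on 8.2 and below. The `SPLIT` rule set, its destination network 198.51.100.0/24 and the function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# (mapped public IP, real host, destination the policy ACL permits), in config order.
# RULES mirrors the thread's abc/xyz lists ("any" modelled as 0.0.0.0/0).
RULES = [
    ("60.60.60.1", "192.168.10.2", "0.0.0.0/0"),  # access-list abc
    ("70.60.60.2", "192.168.10.2", "0.0.0.0/0"),  # access-list xyz
]
# Constructed variant: abc narrowed to one partner network (documentation range).
SPLIT = [
    ("60.60.60.1", "192.168.10.2", "198.51.100.0/24"),
    ("70.60.60.2", "192.168.10.2", "0.0.0.0/0"),
]

def outbound(rules, src, dst):
    """Mapped source for an inside-to-outside flow: the first matching rule wins."""
    for mapped, real, acl_dst in rules:
        if src == real and ip_address(dst) in ip_network(acl_dst):
            return mapped
    return None

def inbound(rules, dst, peer):
    """Real host for an outside-to-inside flow addressed to a mapped IP."""
    for mapped, real, acl_dst in rules:
        if dst == mapped and ip_address(peer) in ip_network(acl_dst):
            return real
    return None

def shadowed(rules):
    """Mapped IPs never chosen outbound: an earlier rule for the same real
    host already covers every destination their ACL permits."""
    dead = []
    for i, (mapped, real, acl_dst) in enumerate(rules):
        net = ip_network(acl_dst)
        if any(r == real and net.subnet_of(ip_network(d)) for _, r, d in rules[:i]):
            dead.append(mapped)
    return dead

if __name__ == "__main__":
    for name, rules in (("thread config", RULES), ("split by destination", SPLIT)):
        print(name, "-> never used outbound:", shadowed(rules))
```

Running `shadowed()` over the rule order of a real configuration is a quick audit for mapped addresses that accept inbound connections but never appear as an outbound source.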