Multiple public IP addresses

steve olisar (Level 1)

ASA newb here.  This question has been asked before, but the configurations seem to be different, so they don't really answer my question.  I think mine is pretty simple, but I can't find a clear "this is what you do" answer.  I've been reading the Cisco docs trying to figure it out, but they have so many different scenarios and examples that it's a little overwhelming.  Plus none of them seem to match mine 100%.

ASA 8.4

I have 6 public IP addresses and want to use 2 of them.  I have two servers running an application that needs port 1234 accessible externally for updates.  Can't change port numbers, and obviously can't route 1234 to two different places.

Say my range is 4.4.4.4 to 4.4.4.10.  I want to use 4.4.4.4 and 4.4.4.5.  My network currently looks like so:

4.4.4.4 <--> ASA <--> 192.168.0.0/24

I want:

4.4.4.4,4.4.4.5 <--> ASA <--> 192.168.0.0/24

Any ideas?

13 Replies

Kimberly Adams (Level 3)

Steve,

What are you trying to do by having two IP addresses on the outside interface?  Is this just for the servers?  Depending on what you are trying to do, there are a couple of ways to do this.

Please give a little more information and we will be more helpful.

Thanks,

Kimberly

Thanks and Cheers! Kimberly Please remember to rate helpful posts.

Just for the two servers.  I have two servers with the same software running on port 1234.  They both need to be accessible externally.

Steve,

You can do this with a static NAT for your two servers on that specific port.  It would look kind of like this:

static (inside,outside) tcp 4.4.4.4 1234 192.168.X.X 1234 netmask 255.255.255.255
static (inside,outside) tcp 4.4.4.5 1234 192.168.X.X 1234 netmask 255.255.255.255

Or if you want to set them up to use the outside interface only on that port you can do that too.

static (inside,outside) tcp interface 1234 192.168.X.X 1234 netmask 255.255.255.255

Thanks,

Kimberly


He is running 8.4, so the NAT is different.

Create an object for each server's inside IP and outside IP, then create the nat statement to tie them together, then create the outside ACL to allow that port access from any source; the destination will be the REAL IP of the server, not the public IP.

object network server1
 host 192.168.1.4
object network server2
 host 192.168.1.5
object network server1-outside
 host 4.4.4.5
object network server2-outside
 host 4.4.4.6
object network server1
 nat (inside,outside) static server1-outside
object network server2
 nat (inside,outside) static server2-outside

I am sorry, I totally missed the fact that he is running 8.4.  You are right on the money, and this is also why he is getting the errors when adding the older-style static NAT.

Thanks and good catch.

Kimberly


If I go the object route as tahequivoice suggested, I get:

ERROR: empty object/object-group(s) detected. NAT Policy is not downloaded

With the static commands I get an error: invalid input detected, and the marker is pointing at netmask.

Use the ASDM; it is SO much easier for a NOOB when it comes to 8.3/8.4.  In the ASDM under Firewall, the right-hand window lists the objects. Create the objects there as I described, then when all are done, click on the inside server, expand NAT, choose static, and select the outside one you want to use. Click Advanced, then select the interfaces, and click OK.

Apply and you should be all set. Don't forget the ACL, and use the REAL IP.

BTW, NooB is not meant to offend; EVERYONE who goes from 8.2 to 8.3 is a NooB.

None taken.

Let me make sure I've got this right.  I'll describe what I see in ASDM.

Line 1:  Source Intf - inside, Dest Intf - outside, Source - server2, Destination - any, Service - tcp/1234, Source - server2-outside, Destination - --Original--, Service - --Original--

Line 2:  Source Intf - outside, Dest Intf - inside, Source - any, Destination - server2-outside, Service - tcp/1234, Source - --Original--(S), Destination - server2, Service - --Original--

I'm not entering your server1 info because I already have that setup and working.

ACL:  Source - any, Destination - 192.168.1.5, Service - tcp/1234, Action - permit

Server2 = 192.168.1.5

Server2-Outside = 4.4.4.6 (my other external address)

It sounds right.  Do a grab from the CLI, and then I can tell if it is correct.

object network server2
 host 192.168.1.5
object network server2-outside
 host 4.4.4.6
nat (inside,backup) static interface service tcp 1234 1234
object network server2
 nat (inside,outside) static server2-outside service tcp 1234 1234

I can confirm that this works.  Thanks a bunch.
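For reference, here is the full ASA 8.4 configuration for both servers in one place, combining tahequivoice's object NAT approach with the port-restricted form from the final CLI grab above. This is an added example, not configuration posted in the thread; the object names, the ACL name outside_in, the source address in the packet-tracer line and the 4.4.4.x / 192.168.1.x addresses are placeholders reusing the thread's values.

```cisco
! Added example (not from the thread). ASA 8.4 object NAT: each inside
! server is published on its own public IP, limited to tcp/1234, so both
! servers can keep the same application port. A network object can hold
! only one nat statement, so each server gets its own object.
object network server1
 host 192.168.1.4
 nat (inside,outside) static 4.4.4.5 service tcp 1234 1234
!
object network server2
 host 192.168.1.5
 nat (inside,outside) static 4.4.4.6 service tcp 1234 1234
!
! From 8.3 on, the ACL on the outside interface is evaluated after NAT is
! undone, so it must match the REAL (inside) addresses, not 4.4.4.5/6.
! Restricting the permit to tcp/1234 keeps any other service on those
! hosts unreachable from outside even though the NAT itself is port-limited.
access-list outside_in extended permit tcp any object server1 eq 1234
access-list outside_in extended permit tcp any object server2 eq 1234
access-group outside_in in interface outside
!
! Verification: list the translations, then simulate an inbound packet from
! a placeholder Internet source to the second public IP. The packet-tracer
! output shows the NAT rule hit, the ACL phase result and the final ALLOW/DROP.
show nat detail
packet-tracer input outside tcp 203.0.113.10 40000 4.4.4.6 1234
```

If packet-tracer reports a DROP in the ACCESS-LIST phase, the usual cause is an ACL written against the public IP instead of the real IP.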
