cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

475
Views
10
Helpful
3
Replies
Highlighted
Participant

Multiple public IP on outside interface for static NAT

Hi ,

I would like to configure multiple public ip (same subnet) on outside interface of ASA.

I want to use static NAT for specific purpose.For example i have 8 public IP and I want to use 1 is internet ,1 for VPN  ,1 for DMZ server,2 for other SERVERS and all ip want to assign on ASA. i don't want to use sub interface.

So how to assign the multi IP on single interface. I can do on Fortigate firewall and Juniper firewall by using proxy arp.

When i try in ASA  i don't know why cannot do . ASA didn't support ?

Please let me know can i assign multiple ip on e0 interface in attachment ?

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advisor

Re: Multiple public IP on outside interface for static NAT

Yes. You define a static NAT, this defines the real IP address, identifies the source/destination interfaces and the mapped public IP address.

 

Example:-

 

object network SVR
host 172.16.1.1
nat (INSIDE,OUTSIDE) static 1.2.3.4

 
HTH

View solution in original post

3 REPLIES 3
Highlighted
VIP Advisor

Re: Multiple public IP on outside interface for static NAT

Hi,
You don't need to assign multiple IP addresses to the outside interface. You just need the static NAT entries, you may need a static route(s) defined on the upstream router (ISP) to route the public IP addresses to the ASA's existing outside interface IP address (if the public IP addresses are on a different network to the IP address assigned to the outside interface).

HTH

Highlighted
Participant

Re: Multiple public IP on outside interface for static NAT

HI,

Do you mean only NAT is enough ? If i do NAT on my ASA,the outside network automatically know how to go the my public ip which didn't physically assign on physical interface ?

for example - In Juniper firewall ,we need to map public ip list and interface by using proxy arp.

In asa i only see check box only. it will automatically know our outside interface is using those public ip which configure in nat ?

 

example :

101.101.102.1 static nat->192.168.1.10

101.101.102.2 static nat->192.168.2.10

101.101.102.3 static nat ->192.168.2.10

 

Highlighted
VIP Advisor

Re: Multiple public IP on outside interface for static NAT

Yes. You define a static NAT, this defines the real IP address, identifies the source/destination interfaces and the mapped public IP address.

 

Example:-

 

object network SVR
host 172.16.1.1
nat (INSIDE,OUTSIDE) static 1.2.3.4

 
HTH

View solution in original post