Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
905
Views
0
Helpful
6
Replies

Multiple WAN IP addresses NAT inbound

Go to solution
benford01
Level 1
Level 1

‎10-08-2015 03:57 AM - edited ‎03-11-2019 11:42 PM

All 

 

This is my first time configuring a ASA and im facing some issues. It seems like im trying to do something basic but i cannot get it to work how i expect. 

I have multiple public IP addresses say /29 and im trying to assign them to an interface. Where normally i would assign one address to the interface and have the rest as additional addresses but im struggling to see how i do this on the ASA.

 

When i try set up a outside - Inside NAT rule using the additional address i have added it says the subnets overlap. 

 

Any help would be much appreciated.

 

Ben 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rishabh Seth
Level 7
Level 7
In response to benford01

‎10-08-2015 04:22 AM

Hi Ben,

You can create STATIC NAT on ASA to map a public IP to private IP on a particular port. Once you create NAT you will also require acl to permit traffic for real IP addresses.

 

Eg:

object network 77.88.99.15
 host 77.88.99.15
object network 10.10.10.1
 host 10.10.10.1

 

object network 10.10.10.1
 nat (inside,outside) static 77.88.99.15 service tcp 9100 9100

 

 

Note: if you are mapping the public IP which is configured on the interface of ASA then use keyword "interface" instead of IP address in your nat statement.

 

Hope it helps!!!

Thanks,

R.Seth

Don't forget to mark the answer as correct if it helps in resolving your query!!!

 

 

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Rishabh Seth
Level 7
Level 7

‎10-08-2015 04:09 AM

Hi Ben,

 

You can assign only one IP on the ASA interface from a subnet. In case you are using other IP addresses in the subnet to map some internal machines then you can can create NAT statements on ASA.

Please share more details about your setup and let us know what version of ASA software are you using?

 

Thanks,

R.Seth

0 Helpful

Go to solution
benford01
Level 1
Level 1
In response to Rishabh Seth

‎10-08-2015 04:14 AM

Hi R

 

Im using 9.4.2. 

This is what im trying to do. I have a subnet of /29. I have multiple services that i need to reach from the outside world that are inside. I have done a table below of how would like it to work. 

destination addressportinternal addressport
77.88.99.15910010.10.10.19100
77.88.99.16910010.10.10.29100
77.88.99.17910010.10.10.39100

 

Does this help you understand ?

 

Ben 

0 Helpful

Go to solution
Rishabh Seth
Level 7
Level 7
In response to benford01

‎10-08-2015 04:22 AM

Hi Ben,

You can create STATIC NAT on ASA to map a public IP to private IP on a particular port. Once you create NAT you will also require acl to permit traffic for real IP addresses.

 

Eg:

object network 77.88.99.15
 host 77.88.99.15
object network 10.10.10.1
 host 10.10.10.1

 

object network 10.10.10.1
 nat (inside,outside) static 77.88.99.15 service tcp 9100 9100

 

 

Note: if you are mapping the public IP which is configured on the interface of ASA then use keyword "interface" instead of IP address in your nat statement.

 

Hope it helps!!!

Thanks,

R.Seth

Don't forget to mark the answer as correct if it helps in resolving your query!!!

 

 

0 Helpful

Go to solution
benford01
Level 1
Level 1
In response to Rishabh Seth

‎10-08-2015 05:16 AM

Would this not be natting on the way from inside to outside ? 

 

 

 

0 Helpful

Go to solution
Rishabh Seth
Level 7
Level 7
In response to benford01

‎10-08-2015 05:19 AM

Hi Ben,

 

static NAT is bidirectional, so it will take care of in to out and out to in traffic.

 

Thanks,

R.Seth

0 Helpful

Go to solution
benford01
Level 1
Level 1
In response to Rishabh Seth

‎10-08-2015 05:21 AM

Thanks Rishabh, I will give that a go.!

 

Ben 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card