PAT 1inside server to 2 public IPs

ovidio.catrina · ‎07-05-2013

hy there

i have a exchange server with the IP 192.168.170.10 and i want to PAT it to 2 different Public IPs on the ASA.

the ASA interface has the IP 213.229.XXX.50 and the other IP that the ISP gave me is 213.229.XXX.51

i want to pat http

i tried this but doesnt work.

1------ static (inside,outside) tcp 213.229.XXX.51 http SrvExchange http netmask 255.255.255.255

2------ static (inside,outside) tcp interface http SrvExchange http netmask 255.255.255.255

but the second PAT fails because it says that the IP overlaps with the first line

it is hard to belive that this is not possible to do in ASA, since on the router or any other platform you cand do it.

Regards.

Jouni Forss · ‎07-05-2013

Hi,

To be honest I have never had to resort to ever trying such a NAT configuration on the software level you are using.

Though to my understanding its possible in the newer software 8.3 and newer with the new NAT configuration format

There the configuration could look something like this

object network STATIC-PAT-1

host 10.0.0.123

nat (LAN,WAN) static interface service tcp www www

object network STATIC-PAT-2

host 10.0.0.123

nat (LAN,WAN) static 1.1.1.2 service tcp www www

Both NAT rules seemed to work fine with regards to testing them with "packet-tracer" command.

Seems the behaviour is a bit different on different devices.

I for example tested the configuration format you used in a Cisco FWSM which accepted and entered both "static" commands even though giving the warning. An ASA 5510 running 8.2(2) on the other hand gave the warning and rejected the second command.

- Jouni