Solved: Static NAT and same IP address for two interfaces

jeff6strings · ‎05-29-2012

We have a Cisco ASA 5520 and in order to conserve public IP addresses and configuration (possibly) can we use the same public IP address for a static NAT with two different interfaces? Here is an example of what I'm refering too where 10.10.10.10 would be the same public IP address.

static (inside,Outside) 10.10.10.10 access-list inside_nat_static_1

static (production,Outside) 10.10.10.10 access-list production_nat_static_1

Thanks for any help.

Jeff

varrao · ‎05-29-2012

Hi Jeff,

Unfortunately this cannot be done, on the ASA packet classification is done on the basis of mac-address, destination nat and route, and here you are confusing the firewall, to which interface does the ip belong to. I haven't ever tried to do it, but it should cause you issues.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

View solution in original post

varrao · ‎05-29-2012

Hi Jeff,

Unfortunately this cannot be done, on the ASA packet classification is done on the basis of mac-address, destination nat and route, and here you are confusing the firewall, to which interface does the ip belong to. I haven't ever tried to do it, but it should cause you issues.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

jeff6strings · ‎05-31-2012

Varun,

Thank you for the reply and we will use an IP address just for this project.

jeff