Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1736
Views
0
Helpful
1
Replies

Static NAT with Port Translation (Same Inside Server with two Difference services & One Other Inside Server)

Go to solution
latenaite2011
Level 4
Level 4

‎02-08-2018 06:53 PM - edited ‎02-21-2020 07:19 AM

I am just wondering if you can create a static NAT  with Port Translation (using the outside interface) and use the same inside server for two different tcp services and another inside server using a third tcp service.  

 

For example, from this guide here, I slightly modified the static public IP to the interface command and then changed the second static entry to be the same inside server but mapped to a different port.

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa99/configuration/firewall/asa-99-firewall-config/nat-reference.html#ID-2091-000000f3

 

Step 1 Create a network object for the FTP server and configure static NAT with port translation, mapping the FTP port to itself.

 

hostname(config)# object network FTP_SERVER
hostname(config-network-object)# host 10.1.2.27
hostname(config-network-object)# nat (inside,outside) static interface service tcp ftp ftp

 

Step 2 Create a network object for the HTTP server and configure static NAT with port translation, mapping the HTTP port to itself.

hostname(config)# object network HTTP_SERVER
hostname(config-network-object)# host 10.1.2.27
hostname(config-network-object)# nat (inside,outside) static interface service tcp http http

 

Step 3 Create a network object for the SMTP server and configure static NAT with port translation, mapping the SMTP port to itself.

hostname(config)# object network SMTP_SERVER
hostname(config-network-object)# host 10.1.2.29
hostname(config-network-object)# nat (inside,outside) static interface service tcp smtp smtp

 

So it looks like this:

 

outside interface --tcp/21 <--> 10.1.1.27 tcp/21

outside interface --tcp/80 <--> 10.1.1.27 tcp/80

outside interface --tcp/25 <--> 10.1.1.29 tcp/25

 

Note I changed the second entry from the example provided in the URL from 10.1.1.28 to 10.1.1.27.

 

and if this can be continued on to have other port translations to more IP addresses on the inside and more ports as long as it is not the same port being used to avoid any duplicate.  So we have these entries too if we wanted to:

 

outside interface --tcp/8000 <--> 10.1.1.27 tcp/8000

outside interface --tcp/8225 <--> 10.1.1.30 tcp/8225

outside interface --udp/6700<--> 10.1.1.30 udp/6700

 

Note that there isn't any same ports being used as it makes sense because the outside interface can only listen to one of the same port and that needs to be mapped inside to an IP.

 

I was not sure because the URL seems to have a different inside IP for all three sample entries so not sure if we can the same same inside servers but different ports.

 

thanks,

LN

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎02-08-2018 09:02 PM

Hi

The config you've done is correct.
You can have the same host having multiple port forwarding.
As you said, you can create as many port forwarding as you want to any or the same inside IP as soon as ports are unique.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎02-08-2018 09:02 PM

Hi

The config you've done is correct.
You can have the same host having multiple port forwarding.
As you said, you can create as many port forwarding as you want to any or the same inside IP as soon as ports are unique.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card