06-03-2010 06:15 AM - edited 03-11-2019 10:54 AM
Dear,
When I try to add a second item to the source of a static nat rule, it replaces the original source item. Even if I try to add an extra static nat rule with a different source natted to the same destination IP, it asks me to replace the original rule.
I also tried to expand the source from one ip to /24 network but in this case I get an error the subnetmask of source and destination (/32) are not equal.
Any idea how I can allow two source ip addresses translated to one Ipadress over one interface?
The firewall is a Cisco ASA5520 running software version 8.0(3)
Any help really appreciated.
Kind regards,
Kenny
06-03-2010 06:23 AM
Kenny,
You cannot translate the same internal IP address to two different IP address statically, for example, the below command won't work:
static (in,out) 200.1.1.1 10.1.1.1
static (in,out) 200.1.1.2 10.1.1.1 --> you will get an overlapping error here
The reason it does not work is because the ASA won't know to which address translate 10.1.1.1 (because you have two static rules).
What you can do though is use static PAT:
static (in,out) tcp 200.1.1.1 80 10.1.1.1 80
static (in,out) tcp 200.1.1.2 25 10.1.1.1 25
The first line you're translating the internal 10.1.1.1 to 200.1.1.1 when using TCP port 80
The second line you're translating the same internal 10.1.1.1 to 200.1.1.2 when using TCP port 25... and so on...
Let me know if it helps.
Federico.
06-03-2010 06:34 AM
Federico,
Thanks for the quick reply, but that was not the thing I am looking for ... maybe my question was not clear. Here it comes again:
I need to translate two different internal ipaddresses to another ipaddress.
Kind regards,
Kenny
06-03-2010 06:56 AM
Kenny,
Sorry for the misunderstanding, but the same rule applies.
You cannot translate two different internal IP addresses to the same outside IP adress statically (only using STATIC PAT)
Normally this is desired when say, you have two internal servers and one listens on one port and the other one on a different port and you want to map them both to the same outside IP.
This can be done with static PAT.
Federico.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide