Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
494
Views
0
Helpful
4
Replies

Two nat - One Public IP

Go to solution
Amin Shaikh
Level 1
Level 1

‎10-03-2009 11:43 AM - edited ‎03-11-2019 09:22 AM

Hi,

I have one public Ip address and wants to nat with one DMZ address and one insdie address

DMZ address for smtp ( anyone from outside should be able to connect to smtp server)

Inside address for http ( anyone from internet should be able to access web-server )

Is this possible.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Amin Shaikh

‎10-04-2009 08:50 AM

"Can I do the same without using ASA external (Outside) IP.

Assuming I have one free public IP."

Yes, as long as the public IP address has been assigned to your company.

The static statements would change slightly ie.

assuming free public IP - 195.17.17.10

static (inside,outside) tcp 195.17.17.10 80 web-server-ip 80 netmask 255.255.255.255

static (dmz,outside) tcp 195.17.17.10 25 mail-server-ip 25 netmask 255.255.255.25

"Is similar scenario documented on cisco documentation. Any Help."

Pretty much any docs on ASA configuration will include this so a quick search "ASA configuration guides" would give you a list of docs to use.

Jon

View solution in original post

0 Helpful
4 Replies 4

Go to solution
jan.nielsen
Level 7
Level 7

‎10-03-2009 01:33 PM

Certainly,

If your public address is the one assigned to your outside interface, this is how its done.

static (inside,outside) tcp interface 80 web-server-ip 80 netmask 255.255.255.255

static (dmz,outside) tcp interface 25 mail-server-ip 25 netmask 255.255.255.255

0 Helpful

Go to solution
dhananjoy chowdhury
Level 5
Level 5
In response to jan.nielsen

‎10-03-2009 10:14 PM

Also, in addition to the static NAT statements, you will have to allow TCP port 80 and port 25 on your OUTSIDE interface Access-List.

0 Helpful

Go to solution
Amin Shaikh
Level 1
Level 1
In response to dhananjoy chowdhury

‎10-04-2009 08:39 AM

Can I do the same without using ASA external (Outside) IP.

Assuming I have one free public IP.

Is similar scenario documented on cisco documentation. Any Help.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Amin Shaikh

‎10-04-2009 08:50 AM

"Can I do the same without using ASA external (Outside) IP.

Assuming I have one free public IP."

Yes, as long as the public IP address has been assigned to your company.

The static statements would change slightly ie.

assuming free public IP - 195.17.17.10

static (inside,outside) tcp 195.17.17.10 80 web-server-ip 80 netmask 255.255.255.255

static (dmz,outside) tcp 195.17.17.10 25 mail-server-ip 25 netmask 255.255.255.25

"Is similar scenario documented on cisco documentation. Any Help."

Pretty much any docs on ASA configuration will include this so a quick search "ASA configuration guides" would give you a list of docs to use.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card