
Two public IPs with single inside IP NAT

dabur10376004

Hi

I am using a Cisco ASA 5512-X with IOS 9.1(2).

Our server's local IP is 192.168.1.118, and it is NATed to public IP 12.12.12.2 with TCP port 80 open. The commands are given below.

object network obj-192.168.1.118
 description Server
 host 192.168.1.118
 nat (inside,outside) static 12.12.12.2

access-list 100 extended permit tcp any host 192.168.1.118 eq 80
access-group 100 in interface outside

The above configuration is working.

New Requirement:

Additionally, we need to NAT the same server local IP 192.168.1.118 to a different public IP, 12.12.12.5, and open TCP port 3389.

Kindly help us to do this.

 

Thanks

Vinod Kumar Gupta

3 Replies

The easiest is to just add a port-forward for that particular service:

object network obj-192.168.1.118-RDP
 host 192.168.1.118
 nat (inside,outside) static 12.12.12.5 service tcp 3389 3389
access-list 100 extended permit tcp any host 192.168.1.118 eq 3389

But if it's the same internal server, you could also use the existing NAT (with IP 12.12.12.2) and just extend your ACL with the above line. That could be much easier to understand for someone reading the config if a single internal server always has the IP on the outside.

 

thanks

I have tested the above solution for port forwarding. The service is reachable via telnet on public IP 12.12.12.5 on port 3389, but the IP address 12.12.12.5 is not pinging from outside while 12.12.12.2 is pinging.

 

Please suggest.

Yes, that's the configuration. For .5 only RDP is forwarded to the internal server. If you really want many services to the server, you really should run them all over the same public IP. That makes the config less complex. And complexity is one of the enemies of security.
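The behaviour described in this thread can be checked mechanically. The following is an added example, not code from any of the posts: it parses the two object NAT statements quoted above (combined into a constructed sample) and reports which inbound traffic is translated at the NAT stage and which inside hosts are published under more than one public IP. The function names are hypothetical, the outside ACL is not modelled, and ports are assumed to be numeric.

```python
import re
from collections import defaultdict

# Constructed sample: the two object NAT definitions from this thread, combined.
CONFIG = """\
object network obj-192.168.1.118
 description Server
 host 192.168.1.118
 nat (inside,outside) static 12.12.12.2
object network obj-192.168.1.118-RDP
 host 192.168.1.118
 nat (inside,outside) static 12.12.12.5 service tcp 3389 3389
"""

NAT_RE = re.compile(
    r"nat \((\S+),(\S+)\) static (\S+)(?: service (tcp|udp) (\S+) (\S+))?$")

def parse_static_nat(config):
    """Return {real_ip: [(mapped_ip, proto, real_port, mapped_port), ...]}.
    proto is None for a one-to-one static NAT, which translates every protocol."""
    mappings, host = defaultdict(list), None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("object network "):
            host = None                      # new object, host not seen yet
        elif line.startswith("host "):
            host = line.split()[1]
        elif host and (m := NAT_RE.match(line)):
            _, _, mapped, proto, rport, mport = m.groups()
            mappings[host].append((mapped, proto, rport, mport))
    return dict(mappings)

def is_translated(mappings, mapped_ip, proto, port=None):
    """True if inbound traffic to mapped_ip matches a static NAT entry (ACL not modelled)."""
    return any(
        ip == mapped_ip and (nproto is None or (nproto == proto and str(port) == mport))
        for entries in mappings.values() for ip, nproto, _, mport in entries)

def multi_published(mappings):
    """Real hosts that are reachable under more than one public IP."""
    found = {h: sorted({e[0] for e in es}) for h, es in mappings.items()}
    return {h: ips for h, ips in found.items() if len(ips) > 1}

if __name__ == "__main__":
    m = parse_static_nat(CONFIG)
    print("published under several public IPs:", multi_published(m))
    for ip in ("12.12.12.2", "12.12.12.5"):
        print(ip, "icmp translated:", is_translated(m, ip, "icmp"))
```

With the sample config, ICMP to 12.12.12.5 matches no NAT entry because that mapping is limited to TCP 3389, while 12.12.12.2 is a one-to-one static NAT that translates all protocols.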
