02-28-2013 12:33 PM - edited 03-11-2019 06:07 PM
Hi,
As long as this is for inbound traffic only, I'm assuming this will not cause problems?
Two different public ips on the outside interface (doesn't include the interface ip) static natted to a single dmz host.
Thanks.
Solved! Go to Solution.
02-28-2013 12:51 PM
Hi,
I think it should work in the way you describe.
If connections are opened from the "outside" there should be no problem.
On the other hand if the server opens the connections at some point, it will only be using only one of the Static NAT configurations when connecting "outside". And the the Static NAT used for outbound connections would be chosen according to how the ASA handles NAT order of operations.
- Jouni
02-28-2013 12:39 PM
Hi,
You mean that you want 2 public IP addresses for a single DMZ host IP address?
Is theres a specific reason for this kind of setup and what is it?
I guess you can configure this but for it to actually have any possibility to work you have to somehow specify when each public IP address is used.
Can you first clarify the reasoning for looking for this kind of NAT setup and then we could look into the actual configuration.
Also mention your device software version.
- Jouni
02-28-2013 12:44 PM
Thanks for your reply. IOS is 8.3(2).
The webmaster specified that setup. Domain names resolve to the seperate outside address.
name1.domain.com = > public ip 1 => dmz host foo
name2.domain.com => public ip 2 => dmz host foo
dmz host foo uses http headers to determine which website traffic is sent to
My understanding was as long as the traffic is initiated inbound, this would work okay.
02-28-2013 12:51 PM
Hi,
I think it should work in the way you describe.
If connections are opened from the "outside" there should be no problem.
On the other hand if the server opens the connections at some point, it will only be using only one of the Static NAT configurations when connecting "outside". And the the Static NAT used for outbound connections would be chosen according to how the ASA handles NAT order of operations.
- Jouni
02-28-2013 01:03 PM
Seems to be working in testing as you describe.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide