11-10-2009 11:46 AM - edited 03-11-2019 09:38 AM
Hello,
I have a question about Static NAT.
My client uses a Linux firewall for connecting partners using L2L (about 70). He bought two 5520s to replace the current Linux firewall. I conducted a survey of access rules for the migration of the firewall, and I have problems with some rules for static NAT. Today many clients connect to an external address with static NAT configured in the firewall for port redirection, but this is done by using multiple outside addresses for the same inside address. As we know, there is a limitation on this configuration when using NAT on the ASA / PIX. Example below:
static (inside,outside) tcp 200.200.200.10 80 10.10.10.10 80 netmask 255.255.255.255
static (inside,outside) tcp 200.200.200.20 80 10.10.10.10 80 netmask 255.255.255.255
Do you have any tips on how I can treat this type of NAT?
The client is even thinking about rolling back the purchase of Cisco ASA due to this limitation.
Can you help?
Thank you very much !!
Regards,
Rubens
11-10-2009 12:04 PM
Rubens,
That cannot be implemented on an ASA. With statics, or even policy statics, it won't work. The ASA will complain about mapped address conflicts.
The question would be why do you want to do that?
PK
11-10-2009 12:18 PM
Hi PK,
Exactly right. I know that it conflicts, but the client is very morose because it uses a Linux configuration that accomplishes this without major problems. I posted this case here to verify together if we can find a solution, haha ...
11-10-2009 06:04 PM
You might want to check this
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807d2874.shtml
and restrict the access to port 80 with an access-list on the outside interface. Not sure if this would work with ports in either access-list or static.
11-11-2009 08:41 AM
vikram's solution will still not work. The ASA will give an error.
It cannot be done.
PK