
NAT issue

futrenadmin
Level 1

On my 506E (IOS 6.3(3)) I can run multiple public NATs against a single internal IP, but it looks like in 7.0 (ASA5510) it's limited to 1:1.

Here's my previous config:

static (inside,outside) xx.xx.xx.10 192.168.1.9 netmask 255.255.255.255 0 0

static (inside,outside) xx.xx.xx.11 192.168.1.9 netmask 255.255.255.255 0 0

etc.

192.168.1.9 is my internal mail gateway and unfortunately is limited to a single internal IP. I currently have multiple public MX IP records pointing to the single gateway address on my 506E.

Any thoughts on how to handle this with the ASA5510?

Thanks,

Ryan

3 Replies

Fernando_Meza
Level 7

Hi ... static NAT only supports a one-to-one mapping. This applies to any version.

The static command creates a one-to-one address translation rule (called a static translation slot or “xlate”). Each local address is translated to a fixed global address.

What you could do is create a virtual adapter on your mail server and give it another IP, i.e. 192.168.1.10. Then create another static pointing the second public IP to this IP. In this way you will be reaching the same mail server.

I hope it helps ... please rate it if it does !!

Fernando,

Thanks for the reply. I must be dealing with a bug then, because in ver 6.3(3) I can NAT several public IP addresses to a single internal private IP address using the static command. I'm running it successfully right now.

Unfortunately, it looks like I'm limited to a single private IP address on my mail gateway (Barracuda). I think at this point I might be stuck with changing my MX host records in DNS for each domain to point back to a single NAT address, since in 7.0 I am restricted to a 1:1 translation.

Thoughts?

Thanks,

Ryan

It probably is a bug, as I have never heard of something like that being supported. The release for version 3.3 does not mention anything about it, though, so perhaps you should report it to Cisco.
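
An added example, not code from any poster in this thread: a small Python audit that lists every internal address carrying more than one plain `static` in a PIX 6.3-style configuration, which are the many-to-one mappings the thread reports as limited to 1:1 on 7.0. The sample config is constructed from the two lines quoted in the question plus a hypothetical third entry, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in the syntax quoted in the thread; the "xx.xx.xx"
# public prefix stays masked as posted. The third line is hypothetical.
SAMPLE_CONFIG = """\
static (inside,outside) xx.xx.xx.10 192.168.1.9 netmask 255.255.255.255 0 0
static (inside,outside) xx.xx.xx.11 192.168.1.9 netmask 255.255.255.255 0 0
static (inside,outside) xx.xx.xx.12 192.168.1.20 netmask 255.255.255.255 0 0
"""

# static (real_if,mapped_if) mapped_address real_address ...
STATIC_RE = re.compile(
    r"^static\s+\((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\)\s+"
    r"(?P<mapped>\S+)\s+(?P<real>\S+)"
)


def parse_statics(config):
    """Yield (line_no, real_if, mapped_if, mapped, real) per address static."""
    for line_no, line in enumerate(config.splitlines(), 1):
        m = STATIC_RE.match(line.strip())
        if m is None:
            continue
        # Skip port-redirection ("static (...) tcp ...") and policy
        # ("... access-list NAME") forms; only plain address statics count.
        if m["mapped"] in ("tcp", "udp") or m["real"] == "access-list":
            continue
        yield line_no, m["real_if"], m["mapped_if"], m["mapped"], m["real"]


def many_to_one(config):
    """Map (real_if, mapped_if, real_ip) to its statics when more than one."""
    groups = defaultdict(list)
    for line_no, real_if, mapped_if, mapped, real in parse_statics(config):
        groups[(real_if, mapped_if, real)].append((line_no, mapped))
    return {key: hits for key, hits in groups.items() if len(hits) > 1}


if __name__ == "__main__":
    for (real_if, mapped_if, real), hits in many_to_one(SAMPLE_CONFIG).items():
        print(f"{real} ({real_if}->{mapped_if}) has {len(hits)} statics:")
        for line_no, mapped in hits:
            print(f"  line {line_no}: {mapped}")
```

Each address it reports needs a decision before the move to 7.0: a second internal IP with its own static, as suggested in the first reply, or MX records consolidated onto one public address, as the original poster considers.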