07-18-2021 03:28 PM
Would this simply be a setup using NAT/PAT and depending on the application/Port would determine which Network (192.168.3.0) IP would use which Static IP, or is there a way to assign a Network IP its own Static?
I have 1 spare Interface w/ 3 Static IPs I want to utilize so I was going to divide a switch into 3 VLANs but not sure if I am looking at this correctly.
07-19-2021 04:47 AM
Until there is a requirement for 3 VLANs to separate them, you can do it inside.
Do you mean to say there is a NAT pool to go out using the 3 public IP addresses? You can use any one of the IPs or all 3, depending on the requirement.
If you would like to use them for incoming traffic, you can do static NAT with any one of the public IPs to inside.
I hope this is what you are looking to do?
07-19-2021 06:42 AM
Morning
Currently there is no setup. What I have are 3 Static IP’s (Internet IP’s) I wish to utilize for let’s say, email server, web server and Minecraft (all examples) but I have 1 free Interface on my 5508-X.
Would I be able to create a 192.168.3.0 Network on GE 1/3 on 5508-X and then have that connect to a Switch and from there make Email 192.168.3.2, Web Server 192.168.3.3 and then 192.168.3.4 but when they touch the Net they use their own Static IP assigned to that specific LAN IP
07-19-2021 07:15 AM
You could perhaps do it the way that you suggest using a spare interface. But there is a more simple (and I believe better) way to use those 3 Public IP addresses. Configure 3 static nat statements on the ASA which would map the Public IP to the private IP used for that service. This way any packet sent from the Internet to the Public IP associated with the web server would be translated and sent to the private IP used by the web server.
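A sketch of the static NAT approach described above in ASA 8.3+ object NAT syntax, added here as an example and not taken from any poster's configuration. The interface name `dmz`, the object and ACL names, and the 203.0.113.x documentation addresses (standing in for the real public IPs) are assumptions, as is an existing `outside` interface; the servers, private addresses and service ports follow those mentioned elsewhere in the thread.

```cisco
! Added example. Hypothetical names: dmz, EMAIL-SRV, WEB-SRV, GAME-SRV, DMZ-NET, OUTSIDE-IN.
! 203.0.113.x are documentation addresses used as placeholders for the public IPs.
interface GigabitEthernet1/3
 nameif dmz
 security-level 50
 ip address 192.168.3.1 255.255.255.0
 no shutdown
!
! One-to-one static NAT: each server is reached on, and goes out as,
! its own public IP.
object network EMAIL-SRV
 host 192.168.3.2
 nat (dmz,outside) static 203.0.113.11
object network WEB-SRV
 host 192.168.3.3
 nat (dmz,outside) static 203.0.113.12
object network GAME-SRV
 host 192.168.3.4
 nat (dmz,outside) static 203.0.113.13
!
! Any other host on the segment shares the outside interface address
! (dynamic PAT). Static object NAT rules are evaluated before dynamic ones.
object network DMZ-NET
 subnet 192.168.3.0 255.255.255.0
 nat (dmz,outside) dynamic interface
!
! The ASA drops outside-to-dmz traffic unless an ACL permits it, so open
! only the service ports. From 8.3 on, the ACL matches the real (private) IP.
access-list OUTSIDE-IN extended permit tcp any object EMAIL-SRV eq smtp
access-list OUTSIDE-IN extended permit tcp any object WEB-SRV eq https
access-list OUTSIDE-IN extended permit tcp any object GAME-SRV eq 3074
access-list OUTSIDE-IN extended permit udp any object GAME-SRV eq 88
access-list OUTSIDE-IN extended permit udp any object GAME-SRV eq 3074
! If an ACL is already bound inbound on outside, add the entries to that
! ACL instead; access-group would replace the existing binding.
access-group OUTSIDE-IN in interface outside
```

`show nat detail` lists the resulting translations, and `packet-tracer input outside tcp 198.51.100.10 12345 203.0.113.12 443` (constructed source address and port) walks a test packet through the NAT and ACL decisions without sending real traffic.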
07-19-2021 11:08 AM
Alright I believe I am following. I would still need a L2 Switch to plug into the Interface GE 1/3 with a network 192.168.3.0 and each device on that Switch will be NATted to its correct outside IP.
07-19-2021 08:20 AM
Personally, I would use 1 public IP address for outgoing NAT for all the LAN-to-Internet traffic.
For incoming requests, I use the other 2 IP addresses, so you have a well-defined incoming IP address to local IP address mapping.
Does this make sense?
07-19-2021 11:11 AM
Interesting. I do understand the concept of all Outgoing uses 1 Outside IP and the Incoming would be NAT specific to its respective Outside IP coming in and being directed to the Server or Application.
Being that the IP’s in question are indeed public knowledge (in terms of they are acting as servers on the Internet) wouldn’t it be beneficial in a sense to monitor traffic (in regards to what IP is doing what outbound) by using each IP?
Any easy description to the benefit of using the 1 outgoing?
07-19-2021 11:10 AM
Hello
@fbeye wrote:
I have 1 spare Interface w/ 3 Static IP's I want to utilize so I was going to divide a switch into 3 vlans but not sure if I am looking at this correctly.
Is this then 4 static public routable ip addresses in total ( 3 free and 1 assigned to your wan interface of the rtr, or 2 free and 1 assigned to your wan rtr interface?)
example (4 public IP addresses)
rtr's WAN interface 1.1.1.10
spare 1 1.1.1.11
spare 2 1.1.1.12
spare 3 1.1.1.13
3 LAN VLANs from 192.168.3.0/24
(vlan 11 - 192.168.3.0/25)
static pat host 192.168.3.2
(vlan 12 - 192.168.3.128/26)
static pat host2 192.168.3.130
(vlan 13 - 192.168.3.192/26)
static pat host3 192.168.3.194
access-list 100 remark LAN subnet
access-list 100 deny ip host 192.168.3.2 any
access-list 100 deny ip host 192.168.3.130 any
access-list 100 deny ip host 192.168.3.194 any
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
! PAT statement for all LAN clients (except static PAT hosts)
ip nat inside source list 100 interface <wan interface> overload
! static PAT for email SMTP server
ip nat inside source static tcp 192.168.3.2 25 1.1.1.11 25
! static PAT for web HTTPS server
ip nat inside source static tcp 192.168.3.130 443 1.1.1.12 443
! static PAT for minecraft xbox360 server
ip nat inside source static tcp 192.168.3.194 3074 1.1.1.13 3074 extendable
ip nat inside source static udp 192.168.3.194 88 1.1.1.13 88 extendable
ip nat inside source static udp 192.168.3.194 3074 1.1.1.13 3074 extendable
07-19-2021 11:21 AM
Wow, very thorough, I appreciate it! I will look this over better tonight.
It is a stack of 8 IP’s, 5 usable but regardless of 3 or 5 your example should be the same. I will let you know when I get home how it all looks.
07-19-2021 12:23 PM
It does not matter how many IP addresses; the syntax is the same.