Help with 3 NAT addresses on 1800 firewall

tyoungbauer
Level 1

I have a client that has 6 public IP addresses. He needs to use 3 of them. One for workstations, which is currently working fine. It is using the default gateway IP. One for an email/web server, which has a static NAT and is also working fine. But we need an additional NAT, but it is for 3 servers that all need to go out as the same public IP. I am not sure and have been unsuccessful getting those to go out as the same IP. I either cannot get them to exit the same IP or it breaks the workstation NAT.

Workstations would be 10.0.0.100 - 200 going out the FE1 interface or I think x.x.94.122

Email would be 10.0.0.5 going out the static NAT of x.x.94.123

I then need 10.0.0.2 - 4 to go out x.x.94.124

I removed some ACLs and IP info for security.

Attached is the current config.

Thanks in advance.

Todd

interface FastEthernet0
 description $ETH-WAN$$FW_OUTSIDE$
 ip address x.x.4.240 255.255.255.0
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly
 shutdown
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface FastEthernet1
 ip address X.X.94.122 255.255.255.248
 ip access-group 110 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$$ES_LAN$
 ip address 10.0.0.254 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation slip
!
ip local pool SDM_POOL_1 192.168.12.1 192.168.12.254
ip route 0.0.0.0 0.0.0.0 X.X.94.121
!
ip flow-top-talkers
 top 50
 sort-by bytes
 cache-timeout 200
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 10.0.0.4 5900 interface FastEthernet0 5900
ip nat inside source static tcp 10.0.0.2 5001 interface FastEthernet0 5001
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet1 overload
ip nat inside source static 10.0.0.5 X.X.94.123 route-map SDM_RMAP_2
ip nat inside source static 10.0.0.2 X.X.94.124 route-map SDM_RMAP_3
ip nat inside source static 10.0.0.4 X.X.94.125 route-map SDM_RMAP_4
!
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 104 permit ip 10.0.0.0 0.0.0.255 any
access-list 105 remark SDM_ACL Category=2
access-list 105 deny   ip host 10.0.0.5 192.168.12.0 0.0.0.255
access-list 105 permit ip host 10.0.0.5 any
access-list 110 remark auto generated by SDM firewall configuration
access-list 110 remark SDM_ACL Category=1
!
!
!
route-map SDM_RMAP_4 permit 1
 match ip address 107
!
route-map SDM_RMAP_1 permit 1
 match ip address 104
!
route-map SDM_RMAP_2 permit 1
 match ip address 105
!
route-map SDM_RMAP_3 permit 1
 match ip address 106
!

1 Reply

Dear tyoungbauer,

Ask your server engineer to define three different ports for the servers for their respective services. You can do this then.

For example:

ip nat inside source static tcp 192.168.1.9 587 112.1.1.5 587
ip nat inside source static tcp 192.168.1.10 110 112.1.1.5 110
ip nat inside source static tcp 192.168.1.11 53 112.1.1.5 53

This may work.

Please rate helpful info.

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

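An added example, not part of either post above: one way to send 10.0.0.2 - 4 out as X.X.94.124 without disturbing the workstation overload is a one-address NAT pool with its own ACL, with those hosts excluded from the workstation ACL 104. The names SERVERS_124 and SDM_RMAP_SRV, ACL number 120 and the sequence numbers 5-7 are assumptions (the posted ACLs were trimmed, so the real sequence numbers are unknown).

```cisco
! Constructed example. X.X.94.124 is the masked address from the post.
! SERVERS_124, SDM_RMAP_SRV, ACL 120 and sequence numbers 5-7 are assumed.
!
! 1. Remove the one-to-one statics that pin 10.0.0.2 and 10.0.0.4 to their
!    own public addresses (run "clear ip nat translation *" from exec mode
!    first if the router reports the entries are in use).
no ip nat inside source static 10.0.0.2 X.X.94.124 route-map SDM_RMAP_3
no ip nat inside source static 10.0.0.4 X.X.94.125 route-map SDM_RMAP_4
!
! 2. Exclude the servers from the workstation overload ACL so the two
!    dynamic rules never match the same host. Assumes the first existing
!    entry in ACL 104 sits at the default sequence number 10.
ip access-list extended 104
 5 deny ip host 10.0.0.2 any
 6 deny ip host 10.0.0.3 any
 7 deny ip host 10.0.0.4 any
!
! 3. Match only the three servers. The deny mirrors ACL 105 so traffic to
!    the VPN pool (192.168.12.0/24) is not translated.
access-list 120 remark servers 10.0.0.2-4 overload to X.X.94.124
access-list 120 deny   ip 10.0.0.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 120 permit ip host 10.0.0.2 any
access-list 120 permit ip host 10.0.0.3 any
access-list 120 permit ip host 10.0.0.4 any
!
route-map SDM_RMAP_SRV permit 1
 match ip address 120
!
! 4. One-address pool in the FastEthernet1 subnet (/29), shared by
!    all three servers through port address translation.
ip nat pool SERVERS_124 X.X.94.124 X.X.94.124 prefix-length 29
ip nat inside source route-map SDM_RMAP_SRV pool SERVERS_124 overload
!
! 5. Check from exec mode that the servers now show X.X.94.124 as their
!    inside global address and workstations still show X.X.94.122:
!      show ip nat translations
```

With the one-to-one statics gone, inbound services on X.X.94.124 need one static per port, as in the reply above, and a matching permit in the inbound ACL 110 on FastEthernet1.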