Hi,
I'm running a Cisco ASA and currently have set up many-to-many NAT statics. All fine here. Used ACLs to define what ports are allowed through so mail, HTTP services are translated from the OUTSIDE addresses to the DMZ addresses. All working well. So to clarify, I'm doing an IP to IP translation with ACLs to define what ports are allowed through.
However, I have a need to take TWO different DMZ hosts running different services on the DMZ and present them on the OUTSIDE as a SINGLE IP address - to clarify - one host is running HTTP (port 80) and the other FTP (port 21). So what I'm trying to do is to MAP port 80 from one host, port 21 from the other host and translate both ports of the two different hosts onto a SINGLE IP address, so both 80 and 21 will be present on a single IP address.
This is not possible with the current configuration as I'm using a STATIC to translate a WHOLE IP address, when in fact all I wish to do is to translate a single port, and not the whole host / IP.
Any advice on this conundrum would be very much appreciated.
Kindest Regards
Phil B