FredCoNet
asked on
NAT or PAT many internal IPs to one external IP
I am trying to conserve external addresses. I have three internal workstations that want to open port 5223 on the outside to reach one external address. With the PIX there used to be a way to PAT many internal addresses to one external address. I just upgraded the ASA software from 7.0 to 8.03 and now PAT is available.
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
name 192.168.1.10 Internal_host
access-list inbound permit tcp any interface outside eq 5223
static (inside,outside) tcp interface 5223 Internal_host 5223 netmask 255.255.255.255
access-group inbound in interface outside
will just use one external IP and fulfil all your needs (assuming 192.168.1.10 is the host on the internal network you want to send port 5223 to; I'm also assuming that it's a TCP port).
Pete
ASKER
So if I have a 10. network internally and have a single IP of 22x.x74.xxx.xx
name 10.2.1.10 Internal_host
name 10.2.1.11 Internal_host
name 10.2.1.12 Internal_host
would there be multiple nat statements
such as
nat (inside) 110.2.1.10 22x.x74.xxx.xx
nat (inside) 110.2.1.11 22x.x74.xxx.xx
nat (inside) 110.2.1.12 22x.x74.xxx.xx
Is this where the single ext address is specified?
Just need to make sure I understand it.
Obviously the numbers are not real.
ASKER
jmeggers:
using some int ips such as
10.2.1.10
10.2.1.10
10.2.1.10
and an external ip of
22x.x74.xxx.xx
using an ACL with the workstation's IP addresses
nat (inside) 2 access-list <name>
global (outside) 2 x.x.x.x
access-list 2 permit tcp 10.2.1.10 255.255.255.255 remoteip eq 5223
or
access-list 2 permit tcp 10.2.1.10 255.255.255.248 remoteip eq 5223
ASKER
thanks for the solution
nat (inside) 2 access-list <name>
global (outside) 2 x.x.x.x
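The ACL-based (policy) PAT discussed in this thread, written out for the three workstations as an added example that is not from any poster. It keeps the thread's pre-8.3 `nat`/`global` syntax; the ACL name `PAT_5223`, the remote server 203.0.113.20 and the shared outside address 198.51.100.5 are constructed placeholders.

```cisco
! Constructed example for ASA 8.0(x) (pre-8.3 nat/global syntax).
! Placeholders (assumptions, not from the thread):
!   203.0.113.20 = remote server listening on tcp/5223
!   198.51.100.5 = the single outside address shared by the workstations
!   PAT_5223     = hypothetical ACL name

! Match only the three workstations, only toward the one server and port.
access-list PAT_5223 extended permit tcp host 10.2.1.10 host 203.0.113.20 eq 5223
access-list PAT_5223 extended permit tcp host 10.2.1.11 host 203.0.113.20 eq 5223
access-list PAT_5223 extended permit tcp host 10.2.1.12 host 203.0.113.20 eq 5223

! ASA ACLs take subnet masks, not wildcard masks. A /29 entry such as
!   10.2.1.8 255.255.255.248
! would match 10.2.1.8-10.2.1.15, i.e. more hosts than the three listed.

! Policy NAT: traffic matching the ACL is translated with NAT ID 2 ...
nat (inside) 2 access-list PAT_5223
! ... and a single address in the matching global makes it PAT (port overload).
global (outside) 2 198.51.100.5

! Verify after the workstations connect: three entries, same global address,
! different translated source ports.
show xlate
```

These connections are initiated from the inside, so return traffic is handled statefully and no `static` or outside `access-group` entry is needed for them.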