• Status: Solved

ASA5510 - port static nat

I have two hosts on two different DMZs (each mapped to 1 public IP). The host on DMZ_1 has two internal IPs (see below).

Network_1 ->DMZ_1 network 176.16.10.0 255.255.255.0
Network_2 ->DMZ_2 network 176.16.20.0 255.255.255.0

NAT
DMZ_1 inside host 176.16.10.10 outside address 20.20.20.10
DMZ_1 inside host 176.16.10.11 (second network card - no outside address)
DMZ_2 inside host 176.16.20.20 outside address 20.20.20.20

What I need is to create a port static NAT for outside IP 20.20.20.20 to inside IP 176.16.10.11 for tcp 80, accessible to anybody in the world.

2 questions:
1) Will adding an inbound rule (outside interface) for tcp 80 from any to 20.20.20.20 work, and then creating a static NAT on DMZ_1 for 176.16.10.11 to be translated to 20.20.20.20? Will this be all?
2) Will there not be any problem, since 20.20.20.20 is already translating host 176.16.20.20 on DMZ_2?
Please let me know.
Asked by: Faustino-12
 
MikeKane commented:
If you have a static NAT on 20.20.20.20 to 176.16.20.20, then you can *not* do a single port forward to another internal host.

A static 1 to 1 NAT is basically a port forward for all ports to the selected host.

So, the best workaround is to remove the 1 to 1 static nat from 176.16.20.20 and instead create the port forwards you need to each host.    
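
An added example, not part of MikeKane's answer: a Python check that parses `static` statements and flags a port forward whose outside address is already 1-to-1 mapped to a different host. It assumes the pre-8.3 ASA `static` command syntax; both sample configs are constructed from the thread's addresses, and the `https` forward for 176.16.20.20 is a placeholder service.

```python
import re
from collections import defaultdict

# Constructed sample: the setup asked about, in pre-8.3 ASA syntax (assumed).
CONFLICTING = """\
static (DMZ_1,outside) 20.20.20.10 176.16.10.10 netmask 255.255.255.255
static (DMZ_2,outside) 20.20.20.20 176.16.20.20 netmask 255.255.255.255
static (DMZ_1,outside) tcp 20.20.20.20 www 176.16.10.11 www netmask 255.255.255.255
"""
# Constructed sample: the answer's workaround, port forwards only on 20.20.20.20.
# "https" for 176.16.20.20 is a placeholder; the thread does not name its services.
WORKAROUND = """\
static (DMZ_1,outside) 20.20.20.10 176.16.10.10 netmask 255.255.255.255
static (DMZ_2,outside) tcp 20.20.20.20 https 176.16.20.20 https netmask 255.255.255.255
static (DMZ_1,outside) tcp 20.20.20.20 www 176.16.10.11 www netmask 255.255.255.255
"""

STATIC_RE = re.compile(
    r"^static \([^,]+,[^)]+\) "
    r"(?:(?P<proto>tcp|udp) (?P<mip>\S+) (?P<mport>\S+) (?P<rip>\S+) \S+"
    r"|(?P<mip1>\S+) (?P<rip1>\S+)) netmask \S+$"
)

def parse_statics(config):
    """Return (mapped_ip, real_ip, service) tuples; service is None for 1-to-1 NAT."""
    rules = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue  # not a static statement this sketch understands
        if m["proto"]:
            rules.append((m["mip"], m["rip"], (m["proto"], m["mport"])))
        else:
            rules.append((m["mip1"], m["rip1"], None))
    return rules

def find_conflicts(config):
    """Flag port forwards whose outside IP is already 1-to-1 mapped to another host."""
    by_ip = defaultdict(list)
    for mapped, real, service in parse_statics(config):
        by_ip[mapped].append((real, service))
    conflicts = []
    for mapped, rules in by_ip.items():
        full = [real for real, svc in rules if svc is None]
        for real, svc in rules:
            for owner in full:
                if svc is not None and real != owner:
                    conflicts.append((mapped, owner, real, svc))
    return conflicts
```

`find_conflicts(CONFLICTING)` reports the tcp/www forward to 176.16.10.11 colliding with the 1-to-1 mapping of 20.20.20.20, while `find_conflicts(WORKAROUND)` returns an empty list.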

Faustino-12 (author) commented:
Fair enough!
Question has a verified solution.
