Cisco ASA 5510 port forward two external ip addresses to one internal ip address

I'm replacing a Cyberguard SG580 with a Cisco ASA 5510.

On the SG580, I used alias IP addresses along with NAT port forwarding to forward two external ip addresses to one internal ip address.

How do I accomplish this on the ASA 5510?

When I use static routes, the ASA 5510 only allows 1 external ip address to be forwarded to 1 internal ip address.
LVL 1
Fletcher-ReinhardtAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pclinuxguruCommented:
I have over 30 on my 5520...

Depends on how it is setup. Is it one line or do you have 2 physical lines for your external?
0
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
object network MyWebServer1
 host 192.168.1.10
 nat (inside,outside) static 1.2.3.10

object network MyWebServer2
 host 192.168.1.10
 nat (inside,outside) static 1.2.3.11

access-l outside permit tcp any object MyWebServer1 eq www
access-l outside permit tcp any object MyWebServer2 eq www
access-g outside in int outside

Best regards
Kvistofta
0
Fletcher-ReinhardtAuthor Commented:
Kvistofta,
Your commands do not seem valid.
Can you correct or elaborate?

pclinuxguru
To answer your question, I only have one (1) physical line for my external ip address.  I want to forward both 1.2.3.10 and 1.2.3.11 to 192.168.1.10
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
If my commands are not valid in your box, I guess you have an older OS-version. Up to v8.2 uses another syntax, and with that syntax you cannot achieve what you want. If you upgrade to 8.3 or 8.4 you can use my commands above.

Best regards Kvistofta
0
Fletcher-ReinhardtAuthor Commented:
Kvistofta,
You are correct, the router we have is v8.2.  

Is it possible to do what I am trying to do on v8.2, or do I need to upgrade to v8.3?

Everything I tried will not allow two outside IP addresses to be forwarded to one inside IP address.
0
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
It is not possible to do with 8.2, you need to upgrade to a newer version. After doing that, you can use my commands above.

Best regards
Kvistofta
0
Fletcher-ReinhardtAuthor Commented:
Kvistofta,
Your solution works for the most part, except when I ping MyWebServer2, the ACA sends back the IP Address of MyWebServer1.

How do I fix that?
0
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
Sounds like you should add icmp inspection. "fixup protocol icmp" and then "clear xlat".

Best regards
Kvistofta
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Fletcher-ReinhardtAuthor Commented:
Kvistofta knows the Cisco ASA!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Hardware-Other

From novice to tech pro — start learning today.