Cisco ASA 5510 port forward two external IP addresses to one internal IP address

I'm replacing a Cyberguard SG580 with a Cisco ASA 5510.

On the SG580, I used alias IP addresses along with NAT port forwarding to forward two external IP addresses to one internal IP address.

How do I accomplish this on the ASA 5510?

When I use static routes, the ASA 5510 only allows 1 external IP address to be forwarded to 1 internal IP address.
Fletcher-Reinhardt Asked:
 
Jimmy Larsson, CISSP, CEH, Network and Security consultant Commented:
Sounds like you should add ICMP inspection. "fixup protocol icmp" and then "clear xlat".

Best regards
Kvistofta
 
pclinuxguru Commented:
I have over 30 on my 5520...

Depends on how it is set up. Is it one line or do you have 2 physical lines for your external?
 
Jimmy Larsson, CISSP, CEH, Network and Security consultant Commented:
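! Two network objects for the same inside host, each with its own static NAT
object network MyWebServer1
 host 192.168.1.10
 nat (inside,outside) static 1.2.3.10

object network MyWebServer2
 host 192.168.1.10
 nat (inside,outside) static 1.2.3.11

! Permit HTTP to either object, then apply the ACL inbound on the outside interface
access-list outside permit tcp any object MyWebServer1 eq www
access-list outside permit tcp any object MyWebServer2 eq www
access-group outside in interface outside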

Best regards
Kvistofta
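
An added example (not part of the original answer, and not Cisco tooling): a small Python audit that reads ASA 8.3+ object NAT and ACL lines like the ones above and reports which inside hosts are published on more than one outside address, and which services each address permits. The sample config is constructed from the thread's placeholder addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample: the object NAT and ACL lines from the answer above.
SAMPLE_CONFIG = """\
object network MyWebServer1
 host 192.168.1.10
 nat (inside,outside) static 1.2.3.10
object network MyWebServer2
 host 192.168.1.10
 nat (inside,outside) static 1.2.3.11
access-list outside permit tcp any object MyWebServer1 eq www
access-list outside permit tcp any object MyWebServer2 eq www
"""
# "access-l"/"access-list" permits from any source to a network object.
ACL_RE = re.compile(r"^access-l\S*\s+\S+(?:\s+extended)?\s+permit\s+(\S+)\s+any"
                    r"\s+object\s+(\S+)(?:\s+eq\s+(\S+))?", re.M)

def parse_objects(config):
    """Return {name: {"host": real_ip, "mapped": public_ip}}; repeated blocks merge."""
    objects, current = {}, None
    for line in config.splitlines():
        start = re.match(r"object network (\S+)", line)
        if start:
            current = objects.setdefault(start.group(1), {})
        elif current is not None and line.startswith(" "):
            host = re.match(r"\s+host (\S+)", line)
            nat = re.match(r"\s+nat \(\S+,\S+\) static (\S+)", line)
            if host:
                current["host"] = host.group(1)
            elif nat:
                current["mapped"] = nat.group(1)
        else:
            current = None
    return objects

def exposure_report(config):
    """Return {real_ip: {public_ip: [permitted proto/port, ...]}}."""
    permits = defaultdict(set)
    for proto, name, port in ACL_RE.findall(config):
        permits[name].add(f"{proto}/{port or 'any'}")
    report = defaultdict(dict)
    for name, obj in parse_objects(config).items():
        if "host" in obj and "mapped" in obj:
            report[obj["host"]][obj["mapped"]] = sorted(permits[name])
    return dict(report)

def multi_mapped_hosts(config):
    """Real hosts reachable through more than one public address."""
    return sorted(h for h, ips in exposure_report(config).items() if len(ips) > 1)
```

Running `exposure_report` over a saved configuration gives one entry per inside host, so every extra public address added for the same server shows up next to the services its ACL lines open.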
 
Fletcher-Reinhardt (Author) Commented:
Kvistofta,
Your commands do not seem valid.
Can you correct or elaborate?

pclinuxguru,
To answer your question, I only have one (1) physical line for my external IP address. I want to forward both 1.2.3.10 and 1.2.3.11 to 192.168.1.10
 
Jimmy Larsson, CISSP, CEH, Network and Security consultant Commented:
If my commands are not valid in your box, I guess you have an older OS version. Versions up to v8.2 use another syntax, and with that syntax you cannot achieve what you want. If you upgrade to 8.3 or 8.4 you can use my commands above.

Best regards
Kvistofta
 
Fletcher-Reinhardt (Author) Commented:
Kvistofta,
You are correct, the router we have is v8.2.  

Is it possible to do what I am trying to do on v8.2, or do I need to upgrade to v8.3?

Everything I tried will not allow two outside IP addresses to be forwarded to one inside IP address.
 
Jimmy Larsson, CISSP, CEH, Network and Security consultant Commented:
It is not possible to do with 8.2, you need to upgrade to a newer version. After doing that, you can use my commands above.

Best regards
Kvistofta
 
Fletcher-Reinhardt (Author) Commented:
Kvistofta,
Your solution works for the most part, except when I ping MyWebServer2, the ASA sends back the IP address of MyWebServer1.

How do I fix that?
 
Fletcher-Reinhardt (Author) Commented:
Kvistofta knows the Cisco ASA!
Question has a verified solution.
