Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1698
  • Last Modified:

Cisco ASA 5510 port forward two external ip addresses to one internal ip address

I'm replacing a Cyberguard SG580 with a Cisco ASA 5510.

On the SG580, I used alias IP addresses along with NAT port forwarding to forward two external ip addresses to one internal ip address.

How do I accomplish this on the ASA 5510?

When I use static routes, the ASA 5510 only allows 1 external ip address to be forwarded to 1 internal ip address.
0
Fletcher-Reinhardt
Asked:
Fletcher-Reinhardt
  • 4
  • 4
2 Solutions
 
pclinuxguruCommented:
I have over 30 on my 5520...

Depends on how it is setup. Is it one line or do you have 2 physical lines for your external?
0
 
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
object network MyWebServer1
 host 192.168.1.10
 nat (inside,outside) static 1.2.3.10

object network MyWebServer2
 host 192.168.1.10
 nat (inside,outside) static 1.2.3.11

access-l outside permit tcp any object MyWebServer1 eq www
access-l outside permit tcp any object MyWebServer2 eq www
access-g outside in int outside

Best regards
Kvistofta
0
 
Fletcher-ReinhardtAuthor Commented:
Kvistofta,
Your commands do not seem valid.
Can you correct or elaborate?

pclinuxguru
To answer your question, I only have one (1) physical line for my external ip address.  I want to forward both 1.2.3.10 and 1.2.3.11 to 192.168.1.10
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
If my commands are not valid in your box, I guess you have an older OS-version. Up to v8.2 uses another syntax, and with that syntax you cannot achieve what you want. If you upgrade to 8.3 or 8.4 you can use my commands above.

Best regards Kvistofta
0
 
Fletcher-ReinhardtAuthor Commented:
Kvistofta,
You are correct, the router we have is v8.2.  

Is it possible to do what I am trying to do on v8.2, or do I need to upgrade to v8.3?

Everything I tried will not allow two outside IP addresses to be forwarded to one inside IP address.
0
 
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
It is not possible to do with 8.2, you need to upgrade to a newer version. After doing that, you can use my commands above.

Best regards
Kvistofta
0
 
Fletcher-ReinhardtAuthor Commented:
Kvistofta,
Your solution works for the most part, except when I ping MyWebServer2, the ACA sends back the IP Address of MyWebServer1.

How do I fix that?
0
 
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
Sounds like you should add icmp inspection. "fixup protocol icmp" and then "clear xlat".

Best regards
Kvistofta
0
 
Fletcher-ReinhardtAuthor Commented:
Kvistofta knows the Cisco ASA!
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now