Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Cisco ASA 5510 port forward two external ip addresses to one internal ip address

Posted on 2012-03-19
9
1,663 Views
Last Modified: 2012-04-10
I'm replacing a Cyberguard SG580 with a Cisco ASA 5510.

On the SG580, I used alias IP addresses along with NAT port forwarding to forward two external ip addresses to one internal ip address.

How do I accomplish this on the ASA 5510?

When I use static routes, the ASA 5510 only allows 1 external ip address to be forwarded to 1 internal ip address.
0
Comment
Question by:Fletcher-Reinhardt
  • 4
  • 4
9 Comments
 
LVL 10

Expert Comment

by:pclinuxguru
ID: 37739389
I have over 30 on my 5520...

Depends on how it is setup. Is it one line or do you have 2 physical lines for your external?
0
 
LVL 17

Assisted Solution

by:Kvistofta
Kvistofta earned 500 total points
ID: 37739391
object network MyWebServer1
 host 192.168.1.10
 nat (inside,outside) static 1.2.3.10

object network MyWebServer2
 host 192.168.1.10
 nat (inside,outside) static 1.2.3.11

access-l outside permit tcp any object MyWebServer1 eq www
access-l outside permit tcp any object MyWebServer2 eq www
access-g outside in int outside

Best regards
Kvistofta
0
 
LVL 1

Author Comment

by:Fletcher-Reinhardt
ID: 37762154
Kvistofta,
Your commands do not seem valid.
Can you correct or elaborate?

pclinuxguru
To answer your question, I only have one (1) physical line for my external ip address.  I want to forward both 1.2.3.10 and 1.2.3.11 to 192.168.1.10
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 17

Expert Comment

by:Kvistofta
ID: 37762965
If my commands are not valid in your box, I guess you have an older OS-version. Up to v8.2 uses another syntax, and with that syntax you cannot achieve what you want. If you upgrade to 8.3 or 8.4 you can use my commands above.

Best regards Kvistofta
0
 
LVL 1

Author Comment

by:Fletcher-Reinhardt
ID: 37763036
Kvistofta,
You are correct, the router we have is v8.2.  

Is it possible to do what I am trying to do on v8.2, or do I need to upgrade to v8.3?

Everything I tried will not allow two outside IP addresses to be forwarded to one inside IP address.
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 37763045
It is not possible to do with 8.2, you need to upgrade to a newer version. After doing that, you can use my commands above.

Best regards
Kvistofta
0
 
LVL 1

Author Comment

by:Fletcher-Reinhardt
ID: 37824065
Kvistofta,
Your solution works for the most part, except when I ping MyWebServer2, the ACA sends back the IP Address of MyWebServer1.

How do I fix that?
0
 
LVL 17

Accepted Solution

by:
Kvistofta earned 500 total points
ID: 37824075
Sounds like you should add icmp inspection. "fixup protocol icmp" and then "clear xlat".

Best regards
Kvistofta
0
 
LVL 1

Author Closing Comment

by:Fletcher-Reinhardt
ID: 37830827
Kvistofta knows the Cisco ASA!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question