nobelleng
Community Member

Hi all,

I'd appreciate some help with my config, in case there is anything wrong. I was trying to help a customer present their multiple web servers to the public. NOTE that some servers have 2 IP addresses on one NIC in the same segment (for example 10.73.18.213 and 10.73.18.214). Below is my configuration; the funny thing is that some servers actually work and some don't. Another weird thing is that my customer is located at an ISP hosting site. They mention that the gateway I should use is only xxx.xxx.241.209, but when I did a traceroute, my 1st reply was actually hitting xxx.xxx.241.210.

ASA Version 8.2(2)
!
hostname XXXXXXXXXX

names
name xxx.xxx.250.7 XM_Office_IP1
name xxx.xxx.250.8 XM_Office_IP2
name xxx.xxx.250.9 XM_Office_IP3
dns-guard
!
interface Ethernet0/0
nameif PUBLIC
security-level 0
ip address xxx.xxx.241.212 255.255.255.240
!
interface Ethernet0/1
nameif DMZ
security-level 50
ip address 10.73.18.1 255.255.255.0
!
interface Ethernet0/2
nameif INTERNAL
security-level 100
ip address 10.71.0.1 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif Management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network XM_Office
network-object host XM_Office_IP1
network-object host XM_Office_IP2
network-object host XM_Office_IP3
object-group service XM_ACCESS_Service
service-object tcp eq 1433
service-object tcp eq 3306
service-object tcp eq 3389
service-object tcp eq 5666
service-object tcp eq ftp
service-object tcp eq ftp-data
service-object tcp eq pcanywhere-data
service-object tcp eq ssh
service-object udp eq pcanywhere-status
service-object icmp
object-group service PUBLIC_ACCESS_Service
service-object tcp eq www
service-object tcp eq https
object-group network XM_ACCESS_IPGROUP
network-object host xxx.xxx.241.212
network-object host xxx.xxx.241.213
network-object host xxx.xxx.241.214
network-object host xxx.xxx.241.215
network-object host xxx.xxx.241.216
network-object host xxx.xxx.241.217
network-object host xxx.xxx.241.218
network-object host xxx.xxx.241.219
network-object host xxx.xxx.241.220
network-object host xxx.xxx.241.221
network-object host xxx.xxx.241.222
access-list PUBLIC_access_in extended permit object-group PUBLIC_ACCESS_Service any host xxx.xxx.241.222
access-list PUBLIC_access_in extended permit object-group PUBLIC_ACCESS_Service any host xxx.xxx.241.221
access-list PUBLIC_access_in extended permit object-group PUBLIC_ACCESS_Service any host xxx.xxx.241.220
access-list PUBLIC_access_in extended permit object-group PUBLIC_ACCESS_Service any host xxx.xxx.241.219
access-list PUBLIC_access_in extended permit object-group PUBLIC_ACCESS_Service any host xxx.xxx.241.218
access-list PUBLIC_access_in extended permit object-group PUBLIC_ACCESS_Service any host xxx.xxx.241.217
access-list PUBLIC_access_in extended permit object-group PUBLIC_ACCESS_Service any host xxx.xxx.241.216
access-list PUBLIC_access_in extended permit object-group PUBLIC_ACCESS_Service any host xxx.xxx.241.215
access-list PUBLIC_access_in extended permit object-group PUBLIC_ACCESS_Service any host xxx.xxx.241.214
access-list PUBLIC_access_in extended permit object-group PUBLIC_ACCESS_Service any host xxx.xxx.241.213
access-list PUBLIC_access_in extended permit object-group XM_ACCESS_Service object-group XM_Office object-group XM_ACCESS_IPGROUP
access-list INTERNAL_nat0_outbound extended permit ip 10.71.0.0 255.255.255.0 10.73.18.0 255.255.255.0
access-list DMZ_nat0_outbound extended permit ip 10.73.18.0 255.255.255.0 10.71.0.0 255.255.255.0
access-list INTERNAL_nat0_outbound_1 extended permit ip 10.71.0.0 255.255.255.0 10.73.18.0 255.255.255.0
access-list DMZ_access_in extended permit ip any any
access-list INTERNAL_access_in extended permit ip any any

nat-control
global (PUBLIC) 1 interface
nat (DMZ) 0 access-list DMZ_nat0_outbound outside
nat (INTERNAL) 0 access-list INTERNAL_nat0_outbound_1
nat (INTERNAL) 1 10.71.0.0 255.255.255.0
static (DMZ,PUBLIC) xxx.xxx.241.213 10.73.18.213 netmask 255.255.255.255
static (DMZ,PUBLIC) xxx.xxx.241.214 10.73.18.214 netmask 255.255.255.255
static (DMZ,PUBLIC) xxx.xxx.241.215 10.73.18.215 netmask 255.255.255.255
static (DMZ,PUBLIC) xxx.xxx.241.216 10.73.18.216 netmask 255.255.255.255
static (DMZ,PUBLIC) xxx.xxx.241.217 10.73.18.217 netmask 255.255.255.255
static (DMZ,PUBLIC) xxx.xxx.241.218 10.73.18.218 netmask 255.255.255.255
static (DMZ,PUBLIC) xxx.xxx.241.219 10.73.18.219 netmask 255.255.255.255
static (DMZ,PUBLIC) xxx.xxx.241.220 10.73.18.220 netmask 255.255.255.255
static (DMZ,PUBLIC) xxx.xxx.241.221 10.73.18.221 netmask 255.255.255.255
static (DMZ,PUBLIC) xxx.xxx.241.222 10.73.18.222 netmask 255.255.255.255
access-group PUBLIC_access_in in interface PUBLIC
access-group DMZ_access_in in interface DMZ
access-group INTERNAL_access_in in interface INTERNAL
route PUBLIC 0.0.0.0 0.0.0.0 xxx.xxx.241.209 1
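
An added example, not part of the original post: a small Python cross-check for a config of this shape, comparing the destinations permitted by `PUBLIC_access_in` with the `static (DMZ,PUBLIC)` mappings and testing whether the default gateway sits inside the PUBLIC interface subnet. The sample input is constructed: the masked prefix xxx.xxx.241 is replaced with the documentation range 203.0.113, the .215 and .216 entries are deliberate mismatches, and the parser assumes the destination is the last element of each ACL entry.

```python
import ipaddress
import re

# Constructed sample modelled on the posted config. The masked prefix
# xxx.xxx.241 is replaced with the documentation range 203.0.113, and the
# .215 permit and .216 static are deliberate mismatches for the demo.
SAMPLE = """\
nameif PUBLIC
ip address 203.0.113.212 255.255.255.240
object-group network XM_ACCESS_IPGROUP
network-object host 203.0.113.212
network-object host 203.0.113.213
access-list PUBLIC_access_in extended permit object-group PUBLIC_ACCESS_Service any host 203.0.113.213
access-list PUBLIC_access_in extended permit object-group PUBLIC_ACCESS_Service any host 203.0.113.215
access-list PUBLIC_access_in extended permit object-group XM_ACCESS_Service object-group XM_Office object-group XM_ACCESS_IPGROUP
static (DMZ,PUBLIC) 203.0.113.213 10.73.18.213 netmask 255.255.255.255
static (DMZ,PUBLIC) 203.0.113.216 10.73.18.216 netmask 255.255.255.255
route PUBLIC 0.0.0.0 0.0.0.0 203.0.113.209 1
"""

def audit(config, acl="PUBLIC_access_in", outside="PUBLIC"):
    """Cross-check ACL destinations, static NAT and the default route."""
    groups, group, nameif = {}, None, None
    permitted, mapped, net, gw = set(), {}, None, None
    for line in config.splitlines():
        t = line.split()
        if not t:
            continue
        if t[0] == "object-group":
            group = t[2] if t[1] == "network" else None
        elif t[:2] == ["network-object", "host"] and group:
            groups.setdefault(group, set()).add(t[2])
        elif t[0] == "nameif":
            nameif = t[1]
        elif t[:2] == ["ip", "address"] and nameif == outside:
            net = ipaddress.ip_network(f"{t[2]}/{t[3]}", strict=False)
        elif t[:2] == ["access-list", acl]:
            # Destination is the last element: "host X" or "object-group G".
            permitted |= {t[-1]} if t[-2] == "host" else groups.get(t[-1], set())
        elif (m := re.match(r"\s*static \((\w+),(\w+)\) (\S+) (\S+)", line)):
            if m.group(2) == outside:
                mapped[m.group(3)] = m.group(4)   # public -> real address
        elif t[:4] == ["route", outside, "0.0.0.0", "0.0.0.0"]:
            gw = ipaddress.ip_address(t[4])
    return {
        "permit_without_static": sorted(permitted - set(mapped), key=ipaddress.ip_address),
        "static_without_permit": sorted(set(mapped) - permitted, key=ipaddress.ip_address),
        "gateway_on_link": bool(net and gw and gw in net),
    }
```

On the constructed sample, the .212 entry is reported because it is the PUBLIC interface's own address, listed in `XM_ACCESS_IPGROUP` with no static translation behind it.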
