Multiple-IP static NAT/port mapping with PIX/ASA

This is the scenario:


When an inside IP address needs to be mapped to an outside IP, you can use static NAT; you can also redirect only a single port. Here's how it's done in ASDM:


But what can be done when you have multiple inside IPs that need to be mapped to multiple addresses on the outside? Sure, you can configure a port forward for every inside host, but sometimes this is not enough - the hosts need to have outside "correspondents". ASA/PIX doesn't support adding multiple IPs on an interface ("secondary" addresses, like you would configure on a router). A solution to this is to add a static ARP entry:


Now you can add your new IP for static NAT:
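The same two steps from the CLI, as an added example that is not from the original post. It assumes the pre-8.3 `static` syntax (PIX/ASA 7.x to 8.2), interfaces named `inside` and `outside`, a hypothetical ACL name `outside_in`, constructed documentation addresses, and a placeholder MAC standing in for the outside interface's own MAC address.

```cisco
! Constructed values (replace with your own):
!   203.0.113.11    extra outside IP that is not configured on any interface
!   192.168.1.11    inside host that should own that outside IP
!   0000.5e00.5301  placeholder for the outside interface MAC
!                   (assumption: read the real one from "show interface outside")

! 1. Static ARP entry for the extra outside IP. The "alias" keyword enables
!    proxy ARP for this mapping, so the firewall answers ARP requests for it.
arp outside 203.0.113.11 0000.5e00.5301 alias

! 2a. One-to-one static NAT: mapped (outside) address first, real (inside) second.
static (inside,outside) 203.0.113.11 192.168.1.11 netmask 255.255.255.255

! 2b. Port redirection only; use this instead of 2a when a single service is enough.
! static (inside,outside) tcp 203.0.113.11 www 192.168.1.11 www netmask 255.255.255.255

! 3. The translation alone does not admit inbound traffic. Permit only the
!    service the host actually publishes; in pre-8.3 syntax the ACL matches
!    the mapped (outside) address.
access-list outside_in extended permit tcp any host 203.0.113.11 eq www
access-group outside_in in interface outside

! Verification, from privileged EXEC mode:
!   show arp      - the static entry for 203.0.113.11 is listed on "outside"
!   show xlate    - the translation 203.0.113.11 <-> 192.168.1.11 is present
```

If an ACL is already bound to the outside interface, add the `access-list` line to that ACL rather than binding a new one, since `access-group` allows only one inbound ACL per interface.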

Speedy show run

Have you ever had to wait 10 seconds for your router config to show up after "show running-config"? Cisco enhanced your routing configuration experience by introducing a command that caches the configuration in memory:

Router(config)# parser config cache interface

After issuing this you have to do a "sh run" to cache the config.
This works on devices with the 12.2 and 12.3 release.

More info:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtinvgen.html

QoS on PIX/ASA - policing, traffic shaping, priority queuing

I'll try not to make a habit of posting someone else's articles, but this is really interesting and useful:

QoS on the PIX/ASA - Part 1:What Tools are Available?

QoS on the PIX/ASA – Part 2:The Modular Policy Framework

QoS on the PIX/ASA – Part 3:Priority Queuing

QoS on the PIX/ASA – Part 4:Traffic Shaping and Traffic Policing
