Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: cisco asa overload a static map?

cisco asa overload a static map? 8 years 2 months ago #27392

  • adam247
  • adam247's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
We need to migrate to a new net block and I figured the easiest way would be to map an additional address to an existing internal. But the ASA won't let me do that.

Any way to work around this?

The only other way I could think to do this would be to assign an additional private address to the internal server and create a new static map to the new address.

Thanks.
The administrator has disabled public write access.

Re: cisco asa overload a static map? 8 years 2 months ago #27424

  • Patiot
  • Patiot's Avatar
  • Offline
  • Frequent Member
  • Posts: 45
  • Karma: 0
Can you please elaborate on your problem description .

Thanks
Patiot
The administrator has disabled public write access.

Re: cisco asa overload a static map? 8 years 2 months ago #27523

  • adam247
  • adam247's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
Sure, Let's see if I can explain it adequately.

Our ASA is configured to NAT certain public addresses 1.1.1.0/24 to certain private addresses 192.168.1.0/24. e.g.. 1.1.1.10 is static natted to 192.168.1.10. They are all listed in individual static nat statements.

Now we want to migrate to a new public address block 2.2.2.0/24. When I enter the command to nat 2.2.2.10 to 192.168.1.10 it says its already in use, can't do that. (staying with above example).

That's the rub. I'd like to use the new address simultaneously with the old address but the ASA won't let me do that.

Any suggestions to work around this limitation?

Thanks.
The administrator has disabled public write access.

Re: cisco asa overload a static map? 8 years 2 months ago #27525

  • Patiot
  • Patiot's Avatar
  • Offline
  • Frequent Member
  • Posts: 45
  • Karma: 0
Hello ,

It cannot be done , you will not be able to map two addresses to one address in case of static NAT .

You will have to remove the existing nat statement and include the new one .

Thanks
Patiot
The administrator has disabled public write access.

Re: cisco asa overload a static map? 8 years 2 months ago #27528

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
The only other way I could think to do this would be to assign an additional private address to the internal server and create a new static map to the new address.

Thats a very valid option too. I've seen Windows handle multiple IPs on the same NIC very well. Linux should do it as well.

Alternatively, If you have a spare ASA or PIX, you could create a static map from the old 1.1.1.x to 2.2.2.x and connect the inside of that to the outside of the original ASA. And only keep one map from 2.2.2.x to 192.168.1.x on your original ASA. Just an idea that popped, I could be wrong here.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.
Time to create page: 0.085 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup