I have 2 Mailservers, Can I map 2 External IPs to the same Internal IP?
static (inside-HBG,outside-HBG) 192.168.1.8 10.1.0.9 netmask 255.255.255.255 static (inside-HBG,outside-HBG) 192.168.1.9 10.1.0.9 netmask 255.255.255.255
Seems logical to me.
The NAT translations will remain unique due to the external host's IP address/source port combination, and the specific global NAT IP address destination.
Best Regards, News Reader
| I have 2 Mailservers, | Can I map 2 External IPs to the same Internal IP? | | | static (inside-HBG,outside-HBG) 192.168.1.8 10.1.0.9 netmask 255.255.255.255 | static (inside-HBG,outside-HBG) 192.168.1.9 10.1.0.9 netmask 255.255.255.255
Have a look at this:
It says that the Inside IP address is already in use. )-:
Hmmm.. I think I follow it, though not sure how/why you would need to Expose the Private Address to the outside, I guess it would work if the 2nd static statement was
172.16.171.126Hmmm.. I think I might way for the DNS entry to time out on the remote server... (-;
Thanks,
No, it is *not* possible to route two entire external IPs to a single internal IP in a PIX or ASA.
The combination of protocol, source IP, source port, internal destination IP, and internal destination port must be unique in translations. If you try to map two entire IPs, then that would be "all protocols", "all source IPs", "all source ports", and "all internal destination ports", leaving only the internal destination IP as the distinguisher, but you want the internal destination IP to be the same in both cases. Not enough uniqueness.
The easier way to think of it is to think of the returned packets: when the returned packets got out to the PIX, how would the PIX know which external source IP to map the internal source IP to, since you would have two possibilities?
It *is* possible to, for example, map the POP3 port on 192.168.1.8 to the POP3 port on 10.1.0.9, and the SMTP port on 192.168.1.9 to the SMTP port on 10.1.0.9, because in that case you would configure by specific port.
It is even possible, with later PIX 6, to map so that if external host X sends to 192.168.1.8's SMTP port, that that maps to 10.1.0.9's SMTP port, and that if external host Y sends to
192.168.1.9's SMTP port, that that -also- maps to 10.1.0.9's SMTP port -- but only if you can nail down the external source IPs to distinguish the two cases.Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.