Hello all. Today I wanted to talk about a need that occasionally will arise in the networking world. I have been asked to have two public IP addresses mapped to one private IP address. Why would I want to do this? Well, I have had a few customers with several different needs for this sort of thing. One in particular has been that the customer had two external DNS entries pointing to two different mail servers for two different companies. Well, what happens if they decide to implement a single spam filter for both mail servers? You get two public IPs pointing to one private address (if your spam filter is internal to the network). Now, I looked into this and I was told by Cisco TAC that you could not do this (effectively) with the PRE-8.3 ASA code. I was told (by Cisco TAC) that I would need to upgrade to at least the 8.3 or greater code to be able to accomplish this. So, with each case as the need has arisen, I've done the upgrade.
Ok, so with the PRE-8.3 code, here is what the static NAT looks like:
static (inside,outside) tcp 22.214.171.124 smtp 192.168.1.11 smtp
Now, if you try to accomplish what we have talked about so far with the PRE-8.3 code, the ASA is going to complain.
PRE-8.3 code would look like this:
static (inside,outside) tcp 126.96.36.199 smtp 192.168.1.10 smtp
static (inside,outside) tcp 188.8.131.52 smtp 192.168.1.10 smtp
Now, when you press "ENTER" after the second line, the ASA is going to say:
"ERROR: duplicate of existing static
inside:192.168.1.10 to outside:184.108.40.206 netmask 255.255.255.255"
Obviously, this is not cool if you are trying to solve this problem.
So, here is how we solve the problem. We do the 8.3 upgrade, then we do the below commands:
8.3 code looks like this:
object network obj-192.168.1.10-01
 host 192.168.1.10
 nat (inside,outside) static 220.127.116.11 service tcp smtp smtp
object network obj-192.168.1.10-02
 host 192.168.1.10
 nat (inside,outside) static 18.104.22.168 service tcp smtp smtp
Easy as that. Now, if I telnet to these two public IPs from the outside (to port 25), I get Exchange server messages.
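To audit an existing config before the upgrade, the script below (an added example, not part of the original post or any Cisco tool) parses pre-8.3 static PAT lines, flags the ones the old code would reject as duplicates, and emits the equivalent 8.3 object NAT using the post's obj-<ip>-NN naming. The function names, the duplicate-matching rule and the 203.0.113.x mapped addresses are assumptions made for the example.

```python
import re
from collections import defaultdict

# Pre-8.3 static PAT line as shown in the post:
# static (real_if,mapped_if) tcp|udp <mapped_ip> <mapped_port> <real_ip> <real_port>
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)$")
FIELDS = ("real_if", "mapped_if", "proto", "mapped_ip", "mapped_port", "real_ip", "real_port")

def parse_statics(config):
    """Return one dict per pre-8.3 static PAT line found in the config text."""
    matches = (STATIC_RE.match(line.strip()) for line in config.splitlines())
    return [dict(zip(FIELDS, m.groups())) for m in matches if m]

def find_duplicates(rules):
    """Rules whose real ip/port was already claimed by an earlier static
    (assumed model of the 'duplicate of existing static' check)."""
    seen, dups = set(), []
    for r in rules:
        key = (r["real_if"], r["mapped_if"], r["proto"], r["real_ip"], r["real_port"])
        if key in seen:
            dups.append(r)
        seen.add(key)
    return dups

def to_object_nat(rules):
    """Emit 8.3 object NAT, one numbered object per mapping (obj-<real_ip>-NN)."""
    counter, out = defaultdict(int), []
    for r in rules:
        counter[r["real_ip"]] += 1
        out += [
            f"object network obj-{r['real_ip']}-{counter[r['real_ip']]:02d}",
            f" host {r['real_ip']}",
            f" nat ({r['real_if']},{r['mapped_if']}) static {r['mapped_ip']}"
            f" service {r['proto']} {r['real_port']} {r['mapped_port']}",
        ]
    return "\n".join(out)

# Constructed sample: the mapped addresses are documentation-range placeholders.
SAMPLE = """\
static (inside,outside) tcp 203.0.113.10 smtp 192.168.1.10 smtp
static (inside,outside) tcp 203.0.113.20 smtp 192.168.1.10 smtp
"""

if __name__ == "__main__":
    rules = parse_statics(SAMPLE)
    for dup in find_duplicates(rules):
        print(f"pre-8.3 rejects: {dup['mapped_ip']} -> {dup['real_ip']}")
    print(to_object_nat(rules))
```

Review the generated objects against the outside access list before pasting them in, since every extra public address mapped to the host is another path to port 25.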