Re: Representing internal server with 2 different Public IP

man i try to use my yahoo disposable email to post, to limit spam, but it
stops spam by dropping half the email it gets. i didnt see these posts
till i checked to see if my email actually went out by checking this
account.

anyways, no, i tested below

access-list smtp_host_tcp_6 extended permit tcp host 192.168.0.55 eq smtp any
access-list smtp_host_tcp_7 extended permit tcp host 192.168.0.55 eq smtp any
access-list smtp_host_tcp_8 extended permit tcp host 192.168.0.55 eq smtp any
static (inside,outside) tcp 192.168.2.6 smtp access-list smtp_host_tcp_6
static (inside,outside) tcp 192.168.2.7 smtp access-list smtp_host_tcp_7
static (inside,outside) tcp 192.168.2.8 smtp access-list smtp_host_tcp_8

and the firewall took it, i've never done this in practice though. This is
at least scalable on the publishing side unlike my post (from funky).
However, same caveat in that when the host initiates traffic to the
outside using port 25, it will always show as the first rule (192.168.2.6)
that hits. you probably woulndt care though since your email server would
or rather should never initiate traffic from port 25. just make sure to
add in a nat/global statement or static to cover your email server sending
email out i guess.

access-list smtp_host extended permit ip host 192.168.0.55 any
static (inside,outside) 192.168.2.6 access-list smtp_host

your example is a little wierd though, im trying to think why you would
want an email server to show up as different ip addresses since no matter
how you look at it, there is no way for server initiated traffic to be
anything other then the first ip address unless you're setting this up as
a recieve only gateway.

armin

> Thanks guys I thought the same.But I guess we cannot do with port
forwarding
> right?
>
> Regrads
> Imran
>
> On Thu, Apr 29, 2010 at 6:40 AM, Keith Barker <kbarker_at_ine.com> wrote:
>
>> Hi Tyson-
>> I had this in a lab i created a while back. As far as reliability, it
was
>> enough for a student to get 2 points. :) When clients connect to the
>> global outside addresses, it would be an un-translation on the ASA.
If
>> the
>> server initiated traffic, I see how it may be questionable regarding which
>> translation would be used for that traffic going outbound.
>> So, in short: lab only.
>> Best wishes,
>> Keith
>> > Keith,
>> >
>> > Did you find it reliable? In the past when I have used this I have
>> seen
>> > communication forwarded from the wrong NAT? I found it to be
>> inconsistent
>> > for a production service? Did you implement it in production or Lab?
>> >
>> > Regards,
>> >
>> > Tyson Scott - CCIE #13513 R&S, Security, and SP
>> >
>> >
>> >
>> > -----Original Message-----
>> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf
>> Of
>> > Keith Barker
>> > Sent: Wednesday, April 28, 2010 1:44 PM
>> > To: 'imran mohammed'; 'Cisco certification'
>> > Subject: RE: Representing internal server with 2 different Public IP
>> >
>> > Imran -
>> >
>> > I have done it before on the ASA with the following:
>> >
>> > access-list policy_nat_web1 extended permit ip host 192.168.100.50
any
>> >
>> > access-list policy_nat_web2 extended permit ip host 192.168.100.50
any
>> >
>> >
>> > static (inside,outside) 24.16.171.125 access-list policy_nat_web1
>> >
>> > static (inside,outside) 24.16.171.126 access-list policy_nat_web2
>> >
>> > Also, just looking at the responses, I see that Swap posted that same
>> about
>> > an hour ago.
>> >
>> > Best wishes,
>> >
>> > Keith
>> >
>> >
>> > -----Original Message-----
>> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf
>> Of
>> > imran mohammed
>> > Sent: Wednesday, April 28, 2010 6:36 AM
>> > To: Cisco certification
>> > Subject: Re: Representing internal server with 2 different Public IP
>> >
>> > Hi,
>> >
>> > The requirement is I need to represent internal server with 2
>> different
>> > public ip.
>> >
>> > Example
>> >
>> > When I hit the firewall 10.1.1.1 on outside it should redirect to
>> 20.1.1.1
>> > (internal server)
>> > If I hit with 30.1.1.1 on outside it should redirect to same ip
>> 20.1.1.1
>> > (internal server)
>> >
>> >
>> > Regards
>> > Imran
>> >
>> > On Wed, Apr 28, 2010 at 5:02 PM, imran mohammed
>> > <imran4cisco_at_gmail.com>wrote:
>> >
>> >> Hi All,
>> >>
>> >>
>> >> Is there any way we can represent internal server with 2 public Ip
>> > address.
>> >>
>> >> static (inside,outside) tcp 88.x.x.49 smtp 192.168.0.55 smtp static
(inside,outside) tcp 88.x.x.51 smtp 192.168.0.55 smtp
>> >>
>> >> The above command doesnt work.I know it doesnt make sense but that
is
>> the
>> >> requirement.
>> >>
>> >> I tried this as well doesnt work
>> >> static (inside,outside) tcp 88.x.x.49 smtp 192.168.0.55 smtp static
(inside,outside) tcp 88.x.x.51 2043 192.168.0.55 smtp
>> >>
>> >> Is there anyway to do this.
>> >>
>> >> Regards
>> >> Imran
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Apr 29 2010 - 04:19:43 ART