Multiple-IP static NAT/port mapping with PIX/ASA

[LEFT] [B] [URL="http://crazyvlan.blogspot.com/2008/11/multiple-ip-static-natport-mapping-with.html"]Multiple-IP static NAT/port mapping with PIX/ASA[/URL] [/B]

This is the scenario:

[URL="http://2.bp.blogspot.com/_t9hXgL98RHk/SQxrsMHnBJI/AAAAAAAAAGc/5rWSHtkqHgI/s1600-h/static.png"][IMG]http://2.bp.blogspot.com/_t9hXgL98RHk/SQxrsMHnBJI/AAAAAAAAAGc/5rWSHtkqHgI/s320/static.png[/IMG][/URL]
When there is a need of mapping an inside IP address to an outside IP we can do static NAT; you can also do only a port redirection. Here's how it's done in ASDM:

[URL="http://2.bp.blogspot.com/_t9hXgL98RHk/SQxqMV2SN-I/AAAAAAAAAGU/XxsbpdmXjFQ/s1600-h/static.png"][IMG]http://2.bp.blogspot.com/_t9hXgL98RHk/SQxqMV2SN-I/AAAAAAAAAGU/XxsbpdmXjFQ/s320/static.png[/IMG][/URL]
But what there is to be done when you have multiple inside IP's that need to be mapped to multiple addresses on the outside? Sure, you can choose a port forward for every inside host, but sometimes this is not enough - the hosts need to have outside "correspondents". ASA/PIX doesn't support adding multiple IPs on the interfaces ("secondary", like you would do on a router). A solution to this is to add a static ARP entry:

[URL="http://4.bp.blogspot.com/_t9hXgL98RHk/SQxsOUe8iCI/AAAAAAAAAGk/w0AZXgsZcVg/s1600-h/arp.png"][IMG]http://4.bp.blogspot.com/_t9hXgL98RHk/SQxsOUe8iCI/AAAAAAAAAGk/w0AZXgsZcVg/s320/arp.png[/IMG][/URL]
Now you can add your new IP for static NAT:

[URL="http://1.bp.blogspot.com/_t9hXgL98RHk/SQxtDwKb_7I/AAAAAAAAAGs/AwBdtL8qnYk/s1600-h/static_different_ip.png"][IMG]http://1.bp.blogspot.com/_t9hXgL98RHk/SQxtDwKb_7I/AAAAAAAAAGs/AwBdtL8qnYk/s320/static_different_ip.png[/IMG][/URL]


[/LEFT]