Posted by: Raj Perumal
Tags: Cisco, Cisco ASA, one to one NAT, Static NAT, static overlapping nat
Hi folks, I just wanted to discuss a key difference in some firewalls. One of the things you might find yourself doing, especially in a hosting scenario, is creating static NAT entries. Each entry is a one-to-one relationship between an external public IP address and an internal private IP address on your local or DMZ network.
In some firewalls you can assign multiple public IP addresses to your external interface and in some firewalls you can’t. On the ones where you can, you can easily create multiple static NAT entries for the same internal IP: one local IP address, but multiple public IP addresses on the same port. For example, a web server that listens on port 80 for multiple public IPs.
But on firewalls that don’t bind the IP to the external interface, such as the Cisco ASA, you cannot do this. If you try to do this, you will get a static overlapping NAT error. How do you fix this?
You have to assign multiple internal IP addresses to your internal web server as well and then map each internal IP to an external IP. This will fix your problem!
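The fix above can be checked before touching the firewall. The following Python sketch is an added example, not code from the original post: it flags internal IPs claimed by more than one static entry and rewrites the plan so each public IP gets its own internal IP. The function names, the sample addresses and the pool of spare internal addresses are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample plan: (public IP, internal IP) static NAT pairs.
SAMPLE = [
    ("203.0.113.10", "192.168.10.20"),
    ("203.0.113.11", "192.168.10.20"),  # same internal IP again -> overlap
    ("203.0.113.12", "192.168.10.20"),  # and again
    ("203.0.113.20", "192.168.10.30"),
]
# Constructed pool of unused internal addresses to add to the web server.
SPARE = ["192.168.10.21", "192.168.10.22"]

def find_overlaps(entries):
    """Return {internal_ip: [public_ips]} for internal IPs used by more than one entry."""
    by_internal = defaultdict(list)
    for public, internal in entries:
        # ip_address() validates and normalizes each address string.
        by_internal[str(ipaddress.ip_address(internal))].append(
            str(ipaddress.ip_address(public)))
    return {i: p for i, p in by_internal.items() if len(p) > 1}

def plan_one_to_one(entries, spare_internal):
    """Give every public IP its own internal IP.

    The first entry for a server keeps the original internal address; each
    further entry takes the next spare address, which must then be configured
    on the server as an additional IP.
    """
    in_use = {str(ipaddress.ip_address(i)) for _, i in entries}
    spare = [a for a in spare_internal if a not in in_use]
    seen, plan = set(), []
    for public, internal in entries:
        if internal in seen:
            if not spare:
                raise ValueError(f"no spare internal address left for {public}")
            internal = spare.pop(0)
        seen.add(internal)
        plan.append((public, internal))
    return plan

if __name__ == "__main__":
    print("overlapping:", find_overlaps(SAMPLE))
    for public, internal in plan_one_to_one(SAMPLE, SPARE):
        print(f"{public} <-> {internal}")
```
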