Solved: Cisco ASA - How to configure two IIS server routing with 1 IP address? - Page 2

alafever1 · ‎05-11-2016

Hello Community,

I've in a bit of a bind here. I am trying to release a QA server into our environment for a client. We currently have a Web server already configured and working in the DMZ. I've added the QA server into the DMZ as well. The problem comes in because I only have one Public IP address I can use and I do not have the ability to add more to this network.

I would like to setup the ASA to forward traffic received over a specific port to this QA server as opposed to the other Web server. I am OK with having a www.urlhere.com:portnumber type URL. I've tried a couple of configurations but have not been able to get the URL to actually reach the QA server on the port I specify.

I've added Access Rules and NAT rules with no success. Can anyone give me an outline of what might be required for this setup?

1 Public IP

2 servers in DMZ with IIS

Thank you!

Tim Y · ‎05-12-2016

Hi,

Please remove the rule and re-add it at the top of the list:

nat (outside,dmz) 1 source static any any destination static interface QA-SERVER service QA-SERVER-TCP55100 web unidirectional

I believe this is the problem. After, please test again. Ensure you are testing from an external internet connection and not from something on the inside/dmz of the firewall. If it is still not working:

Let me know if the hits on the firewall are incrementing. If yes,

Connect to the QA IIS from the inside using the inside IP on port 443. Does it work? If yes,

We'll have to start a packet capture to see if the packets are getting dropped and the drop reason

Regards,

Tim