cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3434
Views
15
Helpful
15
Replies

Cisco ASA - How to configure two IIS server routing with 1 IP address?

alafever1
Level 1
Level 1

Hello Community,

I've in a bit of a bind here.  I am trying to release a QA server into our environment for a client.  We currently have a Web server already configured and working in the DMZ.  I've added the QA server into the DMZ as well.  The problem comes in because I only have one Public IP address I can use and I do not have the ability to add more to this network.  

I would like to setup the ASA to forward traffic received over a specific port to this QA server as opposed to the other Web server.  I am OK with having a www.urlhere.com:portnumber  type URL.  I've tried a couple of configurations but have not been able to get the URL to actually reach the QA server on the port I specify.  

I've added Access Rules and NAT rules with no success.  Can anyone give me an outline of what might be required for this setup?

1 Public IP

2 servers in DMZ with IIS

Thank you!

15 Replies 15

Hi, 

Please remove the rule and re-add it at the top of the list:

nat (outside,dmz) 1 source static any any destination static interface QA-SERVER service QA-SERVER-TCP55100 web unidirectional

I believe this is the problem. After, please test again. Ensure you are testing from an external internet connection and not from something on the inside/dmz of the firewall. If it is still not working:

  • Let me know if the hits on the firewall are incrementing. If yes,
    • Connect to the QA IIS from the inside using the inside IP on port 443. Does it work? If yes,
      • We'll have to start a packet capture to see if the packets are getting dropped and the drop reason

Regards,

Tim

Review Cisco Networking for a $25 gift card