Multiple external ip's on ASA 5505

ciscoccgbv
Level 1

Hi,

I'm new with the ASA.

We have a working config with 1 external IP, we need to add a second webserver (https) and it should be routed via a second public IP address.

I already tried some suggestions from the community but haven't been able to find the solution.

xxx.xxx.xxx.194 is going to the internal IP of 192.168.60.1 for OWA (https)

xxx.xxx.xxx.195 should go to a new webserver on 192.168.60.3

Both servers should be connected using SSL.

Can anybody give me a clue to configure this ASA properly?

This is the current configuration :

ASA Version 8.3(1)
!
hostname fw
domain-name domain.local
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.60.250 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xxx.xxx.xxx.xxx 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
 domain-name domain.local
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.70.0_26
 subnet 192.168.70.0 255.255.255.192
object network https_mailserver
 host 192.168.60.1
object network smtp_mailserver
 host 192.168.60.1
object network pptp_server
 host 192.168.60.1
object network NETWORK_OBJ_192.168.31.0_24
 subnet 192.168.31.0 255.255.255.0
object network NETWORK_OBJ_192.168.60.0_24
 subnet 192.168.60.0 255.255.255.0
access-list outside_access_in extended permit tcp any 192.168.60.0 255.255.255.0 eq https
access-list outside_access_in extended permit tcp any 192.168.60.0 255.255.255.0 eq smtp
access-list outside_access_in extended permit tcp any 192.168.60.0 255.255.255.0 eq pptp
access-list outside_1_cryptomap extended permit ip 192.168.60.0 255.255.255.0 192.168.31.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool officeconnect_pool 192.168.70.10-192.168.70.40 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit host 193.172.180.230 echo-reply outside
no asdm history enable
arp timeout 14400
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.70.0_26 NETWORK_OBJ_192.168.70.0_26
nat (inside,outside) source static NETWORK_OBJ_192.168.60.0_24 NETWORK_OBJ_192.168.60.0_24 destination static NETWORK_OBJ_192.168.31.0_24 NETWORK_OBJ_192.168.31.0_24
!
object network obj_any
 nat (inside,outside) dynamic interface
object network https_mailserver
 nat (inside,outside) static interface service tcp https https
object network smtp_mailserver
 nat (inside,outside) static interface service tcp smtp smtp
object network pptp_server
 nat (inside,outside) static interface service tcp pptp pptp
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 213.125.167.193 1
route inside 192.168.101.0 255.255.255.0 192.168.60.241 1

Accepted Solutions

Julio Carvajal
VIP Alumni

Hello Raymond,

object network HTTPS-2-server
 host 192.168.60.3
object network public-second-server
 host xxx.xxx.xxx.195
object service Real-https
 service tcp source eq 443
nat (inside,outside) source static HTTPS-2-server public-second-server service Real-https Real-https
access-list outside_access_in permit tcp any host 192.168.60.3 eq 443

Regards,

Do please rate helpful posts.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
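
On ASA 8.3 and later, an interface ACL is matched against the real (untranslated) address, which is why the permit above names 192.168.60.3 rather than the .195 public address. The following Python check is an added example, not part of the thread or of any Cisco tooling: it reads running-config text and reports, for each manual static NAT that uses a service object, whether the outside ACL permits the real address. The function name `audit`, the sample configs and the stand-in public address 203.0.113.195 are constructed for illustration, and it assumes normally indented `show running-config` output.

```python
import ipaddress
import re

PORTS = {"https": 443, "smtp": 25, "www": 80, "pptp": 1723}  # ASA port keywords
def to_port(tok):
    return PORTS[tok] if tok in PORTS else int(tok)

# Constructed sample; 203.0.113.195 is a documentation address, not the poster's IP.
BASE = """object network HTTPS-2-server
 host 192.168.60.3
object network public-second-server
 host 203.0.113.195
object service Real-https
 service tcp source eq 443
nat (inside,outside) source static HTTPS-2-server public-second-server service Real-https Real-https
access-group outside_access_in in interface outside
"""
GOOD = BASE + "access-list outside_access_in permit tcp any host 192.168.60.3 eq 443\n"
BAD = BASE + "access-list outside_access_in permit tcp any host 203.0.113.195 eq 443\n"

def audit(config):
    """Map each published server object to 'ok', 'acl-uses-mapped-ip' or 'no-permit'."""
    hosts, svc_port, name = {}, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # top-level command: track the open object
            m = re.match(r"object (?:network|service) (\S+)", line)
            name = m.group(1) if m else None
        elif name and (m := re.match(r" host (\S+)", line)):
            hosts[name] = ipaddress.ip_address(m.group(1))
        elif name and (m := re.match(r" service tcp source eq (\S+)", line)):
            svc_port[name] = to_port(m.group(1))
    bound = re.search(r"^access-group (\S+) in interface outside", config, re.M)
    permits = []  # (destination network, port) of tcp permits in the outside ACL
    if bound:
        acl = re.compile(r"access-list %s\s+(?:extended\s+)?permit tcp any\s+"
                         r"(?:host (\S+)|(\S+) (\S+)) eq (\S+)" % re.escape(bound.group(1)))
        for line in config.splitlines():
            if m := acl.match(line):
                net = f"{m.group(1)}/32" if m.group(1) else f"{m.group(2)}/{m.group(3)}"
                permits.append((ipaddress.ip_network(net), to_port(m.group(4))))
    result = {}
    nat = re.compile(r"nat \(inside,outside\) source static (\S+) (\S+) service (\S+) \S+")
    for line in config.splitlines():
        if m := nat.match(line):
            real, mapped, p = hosts[m.group(1)], hosts[m.group(2)], svc_port[m.group(3)]
            hit = lambda ip: any(ip in n and q == p for n, q in permits)
            result[m.group(1)] = ("ok" if hit(real) else
                                  "acl-uses-mapped-ip" if hit(mapped) else "no-permit")
    return result
```

`audit(GOOD)` reports the server as `ok`, while `audit(BAD)` reports `acl-uses-mapped-ip` for a permit written against the public address.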

Thanks Julio,

I was thinking in the wrong direction with access list ...

It works perfectly this way.

Raymond

Hello Raymond.

My pleasure, thanks for the rating.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC