03-15-2012 08:14 AM - edited 03-11-2019 03:42 PM
Hello,
We are trying to setup our ASA 5505 to do port forwarding to multiple internal servers and have run into some issues. A little background on what we are trying to do.
We have 1 static external IP. Internally we have one exsisting server (10.1.1.184) that has port 80 forwarded to it and another exsisting server (10.1.1.185) that has port 443 forwarded to it. Both of these servers are serving seperate web apps to our employees who of course use them offsite. We have now added an additional server (10.1.1.186) that needs to use both ports 80 and 443. Is there any way to set it up so that these ports can be forwarded to all the servers that need them? Also, how would this work as far knowing what traffic will need to go to which server even though it is using the same port?
The equipment is:
I appologize in advance if what I'm trying to do is difficult/impossible. I inherted the ASA 5505 at this location and I was not here when it was initially installed. In fact no one on staff was here when it was initially installed. I did manage to find the passwords to it though. I'm not at all familiar with the ASA 5505 or Cisco secuirty appliances in general. Thank you in advance for the replies.
Solved! Go to Solution.
03-15-2012 04:51 PM
Alex,
I did find this listed under another topic:
static (inside,outside)
https://supportforums.cisco.com/thread/2110044
That is the thread I pulled it from. Could really work like that?
Sent from Cisco Technical Support iPad App
03-15-2012 04:53 PM
Joel,
That's correct - a static NAT plus the access-list entry allowing the traffic from outside to inside on the IP address plus tcp ports your server requires. No subinterface or second interface is required (assuming your additional IP is in the same network as the original one or that your ISP is routing it as in the example cited in the link you found). When you add the static NAT it will allow the ASA to respond to arps received on the outside interface, populate the xlate table and respond accord to the access-list and nat rules you have configured.
03-15-2012 05:00 PM
Marvin,
Thanks. I'll be trying this tomorrow. All the help is really appreciated.
Sent from Cisco Technical Support iPad App
03-16-2012 12:55 PM
Marvin,
This got us up and running. Thank you so much for your help.
Sent from Cisco Technical Support iPad App
03-16-2012 01:13 PM
Great - you're welcome. Thanks for confirming the solution and letting us know.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide