2 Server with 1 Public IP (Port Forwarding) Details Inside thanks

Lost & Found
Level 2

Hi,

I would like to ask how to set up 2 servers with 1 public IP?

Server 1 is Citrix

Server 2 is FTP server

1 public IP

Tried this command on Cisco ASA 5510, but it doesn't work with 2 servers. But 1 server - 1 public IP is working.

"----------

1 server - 1 public IP
object-group service test1 tcp
port-object eq www

access-list outside_access_in extended permit tcp any host 111.44.77.121 object-group test1

static (inside,outside) 111.44.77.121 192.168.1.1 netmask 255.255.255.255
-----------------
2 server - 1 public ip
object-group service test1 tcp
port-object eq www

object-group service test2 tcp
port-object eq http

access-list SMTP-Services extended permit ip host 111.44.77.121 host 192.168.1.1
access-list SMTP-Services2 extended permit ip host 111.44.77.121 host 192.168.1.2

static (inside,outside) 111.44.77.121 192.168.1.1 netmask 255.255.255.255
static (inside,outside) 111.44.77.121 192.168.1.2 netmask 255.255.255.255

------"

 

Thank you

 

12 Replies

Jon Marshall
Hall of Fame

What is the software version of your ASA?

From your static statements it looks like 8.2 or earlier, can you confirm?

What specific ports do you want to allow to each server?

Please be specific in which ports go to which server.

Jon

ASA 5510k8, but for now I'm not sure with the port numbers.

But could you please give me some example? Thanks

I can give examples but I need to know the software version you are running.

Can you just post the configuration of your ASA?

Jon

My Configuration for 1 server to 1 public IP
object-group service test1 tcp
port-object eq www

access-list outside_access_in extended permit tcp any host 111.44.77.121 object-group test1
 

static (inside,outside) 111.44.77.121 192.168.1.1 netmask 255.255.255.255

Software version 7.0(6)

You can use an object group if you like but at its most simple -

static (inside,outside) tcp 111.44.77.121 80 192.168.1.1 80 netmask 255.255.255.255

access-list <name> permit tcp any host 111.44.77.121 eq http

You will need a separate static statement per port and you would need to add another line to your ACL.

If you want the same port eg. port 80 to go to two different private IPs I'm not sure you can do that although I seem to remember seeing a way to achieve it in these forums.

I may be misremembering.

Do you need the same port for both internal servers?

Jon

If I'm going to access it through the web, do I always need to use port 80?

Sorry newbie here.

Thanks 

That's more of an application question than a network one to be honest.

Your static NAT statements can refer to any ports if that is what you are asking.

Jon

I see. So if ever I'm going to setup with different port number the command will be this?

static (inside,outside) tcp 111.44.77.121 80 192.168.1.1 80 netmask 255.255.255.255

access-list <name> permit tcp any host 111.44.77.121 eq http

static (inside,outside) tcp 111.44.77.121 8881 192.168.1.2 8881 netmask 255.255.255.255

access-list <name> permit tcp any host 111.44.77.121 eq 8881

Do I need to use object-group?

Thank you

Yes, that is exactly how you would do it.

Note also that you can change the port if needed ie. you present a certain port number to the outside on your public IP and then use a different port number on the inside real IP.

You may not need to but just thought I'd mention it.

No, you do not need to use object groups if you don't want to.

Jon

"then use a different port number on the inside real IP." - does it mean I will depend on my port number (inside) or what the server port number will be?

So now I'm just curious... Currently, if I type this 111.44.77.121 (public IP) into my browser, it will direct me to the private (inside) address.

Now my question is: if I configure 2 servers to 1 public IP, how can I access it?

Example:

Browser - 111.44.77.121:80 ? and the other one will be 111.44.77.121:8881

 

thank you

does it mean I will depend on my port number(inside) or what server port number will be ?

The real port will be the port the server is listening on but that doesn't have to be the same port you present to the internet.

Not sure what your second question is asking.

How you access it depends on the application on the server not the ASA.

Jon

Noted, sir. But for now I'll just need to test it so I can see the result.

Thank you so much. I will send you an update if it's working.

thanks
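
A small config check for the setup discussed in this thread, added here as an example and not posted by any participant. It parses pre-8.3 `static` and `access-list ... eq` lines and reports a public IP mapped one-to-one to several hosts, a public port forwarded to more than one host, and port statics or permits that have no counterpart. The function names, the port-name table and the sample strings are assumptions made for the illustration.

```python
import re
from collections import defaultdict

PORT_NAMES = {"www": 80, "http": 80, "https": 443, "ftp": 21}  # subset of ASA port names
STATIC = re.compile(r"static \(\w+,\w+\) (?:(tcp|udp) (\S+) (\S+) (\S+) (\S+)"
                    r"|(\S+) (\S+)) netmask")
PERMIT = re.compile(r"access-list \S+ (?:extended )?permit (tcp|udp) any host (\S+) eq (\S+)")

def port(tok):
    return PORT_NAMES.get(tok) or int(tok)

def lint(config):
    """Return sorted findings for pre-8.3 style static and access-list lines."""
    full = defaultdict(set)  # public IP -> real IPs (one-to-one static)
    pat = defaultdict(set)   # (proto, public IP, public port) -> {(real IP, real port)}
    permits = set()          # (proto, destination IP, destination port)
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            proto, pub, pub_port, real, real_port, pub_all, real_all = m.groups()
            if proto:
                pat[proto, pub, port(pub_port)].add((real, port(real_port)))
            else:
                full[pub_all].add(real_all)
        elif m := PERMIT.match(line):
            permits.add((m[1], m[2], port(m[3])))
    out = [f"{pub}: one-to-one static used for {len(r)} real hosts"
           for pub, r in full.items() if len(r) > 1]
    for (proto, pub, p), targets in pat.items():
        if len(targets) > 1:
            out.append(f"{pub}:{p}/{proto}: forwarded to {len(targets)} real hosts")
        if (proto, pub, p) not in permits:  # pre-8.3 ACLs match the public IP and port
            out.append(f"{pub}:{p}/{proto}: static has no matching permit")
    for proto, dst, p in permits:
        if (proto, dst, p) not in pat and dst not in full:
            out.append(f"{dst}:{p}/{proto}: permit has no matching static")
    return sorted(out)

# Constructed samples built from the thread's addresses (assumed ACL name).
ATTEMPT = """
static (inside,outside) 111.44.77.121 192.168.1.1 netmask 255.255.255.255
static (inside,outside) 111.44.77.121 192.168.1.2 netmask 255.255.255.255
"""
PER_PORT = """
static (inside,outside) tcp 111.44.77.121 80 192.168.1.1 80 netmask 255.255.255.255
static (inside,outside) tcp 111.44.77.121 8881 192.168.1.2 8881 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 111.44.77.121 eq www
access-list outside_access_in extended permit tcp any host 111.44.77.121 eq 8881
"""
if __name__ == "__main__":
    print(lint(ATTEMPT), lint(PER_PORT), sep="\n")
```

Permits written with an `object-group` instead of `eq` are not parsed by this sketch, so expand them before running the check.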
