05-07-2015 06:15 AM - edited 03-07-2019 11:54 PM
We are looking for options to support our multiple DMZ based Web (HTTP) servers to be accessed from the Internet.
We have 10 Web servers in the DMZ using RFC 1918 addressing as such:
WS1 172.16.5.1 /24
WS2 172.16.5.2 /24
WS3 172.16.5.3 /24
etc. up to WS10 172.16.5.10 /24
Invalid options:
Changing the HTTP port on each web server to a different port (as WS1 HTTP=8081, WS2 HTTP=8082, WS3 HTTP=8083 etc.) is not an acceptable solution, as regular non-technical users will access these web servers and each web server serves different web content.
Migrating all web pages onto the same server is not a solution in this case either. Each web server must be addressable on a different RFC 1918 IP address due to internal requirements.
We cannot assign Public IP addresses to the DMZ web servers.
Our Cisco ASA 5512-X has a single public IP address on the Outside interface.
It appears a NAT option is needed and additionally (I guess) some type of device that can read the URL and direct the requests to the correct web server is needed.
Is there a solution we could enable on a Cisco router to fix this dilemma?
Thank you
Frank
05-07-2015 11:05 AM
You can't do exactly as you wish with just an ASA firewall. You could get a reverse proxy and/or web application firewall to handle this for you. However, you should note whether these web servers use SSL or not, as there are complications with using SNI.
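One way to build the reverse proxy Seth describes, as an added example that is not part of the thread: nginx on a DMZ host, assuming the ASA statically NATs TCP/80 and TCP/443 from its single public IP to that host, routing plain HTTP by the Host header and HTTPS by the TLS SNI name without terminating TLS. The hostnames ws1.example.com etc. are assumed; the 172.16.5.x addresses are the WS1..WS10 servers from the original post.

```nginx
# Added example: nginx as the reverse proxy in the DMZ behind the ASA's single
# public IP. Hostnames (ws*.example.com) are assumptions; the backend
# addresses are the WS1..WS10 servers from the original post.
events {}

http {
    # Plain HTTP: pick the backend from the Host header.
    map $host $backend {
        ws1.example.com   172.16.5.1;
        ws2.example.com   172.16.5.2;
        ws3.example.com   172.16.5.3;
        # WS4..WS9 follow the same pattern
        ws10.example.com  172.16.5.10;
        default           "";          # unknown Host -> no backend
    }

    server {
        listen 80 default_server;
        server_name _;

        location / {
            # Drop requests for names we do not publish instead of guessing
            # a backend (444 closes the connection without a reply).
            if ($backend = "") { return 444; }
            proxy_pass http://$backend;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}

stream {
    # HTTPS: route on the SNI name from the ClientHello without terminating
    # TLS, so each DMZ server keeps its own certificate. This is the SNI
    # caveat Seth mentions: a client that sends no SNI matches nothing and
    # its connection is closed.
    map $ssl_preread_server_name $tls_backend {
        ws1.example.com   172.16.5.1:443;
        ws2.example.com   172.16.5.2:443;
        ws3.example.com   172.16.5.3:443;
        ws10.example.com  172.16.5.10:443;
        default           "";
    }

    server {
        listen 443;
        ssl_preread on;
        proxy_pass $tls_backend;
    }
}
```

Since TLS is passed through, the proxy never sees the HTTPS request contents; if the web servers do not speak TLS themselves, TLS would instead have to be terminated on the proxy with a certificate covering all ten names.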
05-07-2015 05:26 PM
Hi Seth,
Thanks, I just downloaded a free trial copy of a reverse proxy server to install in the lab environment. I also understand a BlueCoat and F5 would also support this setup.
I remember reading a Cisco post where a Cisco router could be used to read URL strings in packets and, using PBR, route to the correct end-host web server. I'll keep looking.
Thanks again
Frank