Showing results for 
Search instead for 
Did you mean: 

Cisco Community Designated VIP Class of 2020


Multiple RFC 1918 Web servers accessable from the Internet via 1 public IP


We are looking for options to support our multiple DMZ based Web (HTTP) servers to be accessed from the Internet


We have 10 Web servers in the DMZ using RFC 1918 addressing as such:

WS1 /24

WS2 /24

WS3 /24

etc. up to WS10 /24


Invalid options:

  1. Changing the HTTP port on each web server to a different port (as WS1 HTTP=8081, WS2 HTTP=8082, WS3 HTTP=8083 etc.) is not an acceptable solution as regular non-technical users will access these web servers and each web server servers different web content.

  2. Migrating all web pages onto the same server is not a solution in this case either. Each web server must be addressable on a different RFC 1918 IP address due to internal requirements.

  3. We cannot assign Public IP addresses to the DMZ web servers.


Our Cisco ASA 5512-X has a single public IP address on the Outside interface.


It appears a NAT option is needed and additionally (I guess) some type of device that can read the URL and direct the requests to the correct web server is needed.


Is there a solution we could enable on a Cisco router to fix this dilemma?

Thank you


Everyone's tags (1)

You can't do exactly as you

You can't do exactly as you wish with just an ASA firewall. You could get a reverse proxy and/or webapplication firewall to handle this for you. However you should note that if these webservers use SSL or not as there are complications with using SNI.


Hi Seth,Thanks, I just

Hi Seth,

Thanks, I just downloaded a free trail copy of a reverse proxy server to install in the lab environment. I also understand a BlueCoat and F5 would also support this setup.

I remember reading a Cisco post where a Cisco router could be used to read URL strings in packets and using PBR route to the correct end-host web server. I'll keep looking.

Thanks again


CreatePlease to create content
Content for Community-Ad