cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

340
Views
0
Helpful
7
Replies
Highlighted
Beginner

Public server over vpn

We have asa connected via vpn

Site 1 is live

Site 2 is in. Standby

We have a web site (asa public server) which is live in site 1. We need to switch this to site 2, as the site 1 dc is shutting down. What we need to do is redirect all traffic hitting the site 1 asa (in case of slow dns update or clients having fixed ip to our service) is it possible to set up public server (open port) to send the traffic over the vpn?

7 REPLIES 7
Frequent Contributor

Re: Public server over vpn

If it is a web server and you need to give users access to the webserver located at Site 2.  You just setup the NAT for that server accordingly depending on how your sites are connected.  Is your site 2 getting to the Internet via Site 1?  In that case you just update the NATed IP of the server on the ASA.

But you mentioned VPN so it can also mean that you have an Internet connection at Site 2 with another ASA.  So in that case you can just point the DNS entry to an available public IP addres at Site 2 and then NAT that public IP address to the Webserver at Site 2.

Beginner

Public server over vpn

Thanks but i think you misunderstood what we need to do

When we switch sites (ie change dns) all external traffic should hit the second site asa (which is aleady set up)

What we need to do is ensure any traffic which may hit site one (i.e via slow dns propgation or hard coded access) get redirect to the correct site.

If we can set the public servers on the asa to go over the vpn link between the two sites it would be ideal

Frequent Contributor

Re: Public server over vpn

Then you can just NAT the public IP on the Site 1 ASA to the Site 2 server as well.

Beginner

Public server over vpn

Yeh tried that but when nating i have to select an named interface, but vpn are not named as interfaces

Frequent Contributor

Re: Public server over vpn

You can't just update the NAT like this...?

network object webserver

host 192.168.1.10 (This would be the IP of the webserver located at Site #2)

nat (inside,outside) static 1.1.1.1 (1.1.1.1 being the public IP)

Beginner

Re: Public server over vpn

no sorry that does not work

Frequent Contributor

Re: Public server over vpn

What doesn't work in that exactly?  How do you have the NAT setup right now?