05-09-2007 09:01 PM - edited 03-11-2019 03:11 AM
I have a windows server 2003 box running 2 ssl websites. Currently I am only using the windows firewall and have put both the two exteral ip addresses on one nic card.
What I want to do is the same thing just on the ASA 5510.
Is there any way to map more than one outside ip address to one ethernet interface (Ethernet0/0) and have that traffic routed to my nic as 2 different internal ips?
Ex: 23.124.124.12 -> 192.168.1.100
23.124.124.13 -> 192.168.1.101
Then in iis i would select the internal ip addresses for each site and hopefully the ssl certificates would still work?
Thanks,
Mike
05-09-2007 09:40 PM
Hmm.. two static nat should solve your problem
static(inside,outside) 23.124.124.12 192.168.1.100 netmask 255.255.255.255
static(inside,outside) 23.124.124.13 192.168.1.101 netmask 255.255.255.255
HTH
Hoogen
05-09-2007 10:10 PM
Expanding on the first question how would you tell the router:
I only want to allow access to ip address 23.124.124.12 from these wan ip addresses
xx.xx.xx.xx and zz.zz.zz.zz ...
and
I only want to allow access to ip address 23.124.124.13 from these wan ip addresses
yy.yy.yy.yy and aa.aa.aa.aa ...
I will be taking the server down on Friday so I can test the code then.
Thanks again.
05-10-2007 05:42 AM
Along with your NAT statements you would be specifying the access-list which would look like:
access-list outside extended permit ip xx.xx.xx.xx
access-list outside extended permit ip zz.zz.zz.zz
Similarly
access-list outside extended permit ip yy.yy.yy.yy
access-list outside extended permit ip aa.aa.aa.aa
HTH
Hoogen
05-10-2007 06:53 AM
Alternatively to the already suggested public to private static translations you can also do following.
static (inside,outside) 23.124.124.12 23.124.124.12 netmask 255.255.255.255
static (inside,outside) 23.124.124.13 23.124.124.13 netmask 255.255.255.255
route inside 23.124.124.12 192.168.1.100
route inside 23.124.124.13 192.168.1.100
Rather than adding 192.168.1.101 as second IP address for the server you add the two public IPs.
This seems like a more complicated setup at first, but it has the benefit of making it a lot clearer what public IP addresses are currently associated with a given webserver.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide