09-26-2007 09:52 AM - edited 03-11-2019 04:17 AM
Client currently has a website set up on an ISeries box. I have the ASA set up so that the public IP on the outside connects to the ISeries on the inside.
They recently purchased a new web server and are going to host 2 more websites internally on a different IP. This will be coming in on a completely different public IP than the other one. Is it possible to set the ASA up for something like this? I really don't have much background with this.
Thanks!
09-26-2007 10:03 AM
Yes, this is possible. You probably have something like this currently...
static (inside,outside) interface ISeries.ip netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq www
So if the new ip is 2.2.2.2 you would just do this...
static (inside,outside) 2.2.2.2 new.webserver.ip netmask 255.255.255.255
access-list outside_access_in permit tcp any host 2.2.2.2 eq www
Just be sure that the ISP is routing the new addresses to the outside interface of your ASA.
Please rate helpful posts.
09-26-2007 10:19 AM
Can you explain this part to me: "Just be sure that the ISP is routing the new addresses to the outside interface of your ASA."?
Thanks!
09-26-2007 10:24 AM
Sorry, I should have clarified. I assumed you were getting new IP addresses. If you are simply using public addresses you already have, part of the same subnet as your ASA outside interface, then disregard what I said. If you are getting new IP addresses then your ISP has to route them to you.
09-26-2007 10:30 AM
OK, I think I understand it now. The new public IP is one the client already has and is part of the same subnet as the ASA outside interface.
So just for example, I would enter the following commands on the ASA.
static (inside,outside) 192.168.1.5 netmask 255.255.255.255
access-list outside_access_in permit tcp any host 209.173.x.x eq www
09-26-2007 10:36 AM
Almost, you forgot an address in the static command...
static (inside,outside) 209.173.x.x 192.168.1.5 netmask 255.255.255.255
access-list outside_access_in permit tcp any host 209.173.x.x eq www
09-26-2007 10:49 AM
There is already a command in there that reads
static (inside,outside) tcp interface 3390 192.168.1.5 3390 netmask 255.255.255.255
When I try to enter the command you have listed above I get a warning message.
Any thoughts?
09-26-2007 11:03 AM
Pretty sure that's just a warning because you already have another static with 192.168.1.5. You'd have to test it to see if it still works. You could also do this and you probably won't get a warning...
static (inside,outside) tcp 209.173.x.x 80 192.168.1.5 80 netmask 255.255.255.255
access-list outside_access_in permit tcp any host 209.173.x.x eq www
09-26-2007 11:14 AM
I'm not even sure what that other command was for. I noted it and took it out. Entered the command you gave me and it works like a charm. Thanks for all your help!
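Added example, not from any poster in this thread: a Python check that pairs `static` translations with the outside ACL permits in the pre-8.3 ASA syntax used above, and reports which inside services are actually published, which statics have no matching permit (such as a leftover port forward), and which lines do not parse. The sample config is constructed, 203.0.113.10 stands in for the elided 209.173.x.x, and the function names are hypothetical.

```python
import re

# Constructed sample in the syntax used in this thread. 203.0.113.10 is a
# documentation address; the last static deliberately lacks the mapped address.
SAMPLE = """\
static (inside,outside) tcp interface 3390 192.168.1.5 3390 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 80 192.168.1.5 80 netmask 255.255.255.255
access-list outside_access_in permit tcp any host 203.0.113.10 eq www
static (inside,outside) 192.168.1.5 netmask 255.255.255.255
"""
PORT_NAMES = {"www": "80", "https": "443", "smtp": "25"}  # ASA keyword -> number
STATIC_RE = re.compile(r"^static \(\w+,\w+\) "
    r"(?:(tcp|udp) (\S+) (\S+) (\S+) (\S+)|(\S+) (\S+)) netmask \S+")
ACL_RE = re.compile(r"^access-list \S+ (?:extended )?permit (tcp|udp) any "
    r"(?:host (\S+)|interface \w+) eq (\S+)")

def parse(config):
    statics, permits, unparsed = [], [], []
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            proto, mip, mport, rip, _rport, mip1, rip1 = m.groups()
            statics.append({"mapped": mip or mip1, "proto": proto, "line": line,
                "port": PORT_NAMES.get(mport, mport), "real": rip or rip1})
        elif m := ACL_RE.match(line):
            proto, host, dport = m.groups()
            permits.append({"mapped": host or "interface", "proto": proto,
                "port": PORT_NAMES.get(dport, dport), "line": line})
        elif line.startswith(("static", "access-list")):
            unparsed.append(line)  # e.g. a static with an address missing
    return statics, permits, unparsed

def covers(s, p):
    """True when permit p lets outside traffic reach static s (ACL names the mapped IP)."""
    if s["mapped"] != p["mapped"]:
        return False
    # A one-to-one static (no port) is reachable on whatever port the ACL permits.
    return s["port"] is None or (s["port"], s["proto"]) == (p["port"], p["proto"])

def audit(config):
    statics, permits, unparsed = parse(config)
    reals = [s["real"] for s in statics]
    return {
        "published": [(p["mapped"], p["port"], s["real"])
                      for s in statics for p in permits if covers(s, p)],
        "static_without_permit": [s["line"] for s in statics if not any(covers(s, p) for p in permits)],
        "permit_without_static": [p["line"] for p in permits if not any(covers(s, p) for s in statics)],
        "inside_hosts_in_several_statics": sorted({r for r in reals if reals.count(r) > 1}),
        "unparsed": unparsed,
    }
if __name__ == "__main__": print(audit(SAMPLE))
```

On the sample, only TCP 80 to 192.168.1.5 is published; the 3390 forward shows up as a static with no permit, which is the kind of line worth identifying before removing it.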