ASA Website Question

sonitadmin
Level 1

Client currently has a website set up on an ISeries box. I have the ASA set up so that the public IP on the outside connects to the ISeries on the inside.

They recently purchased a new web server and are going to host 2 more websites internally on a different IP. This will be coming in on a completely different public IP than the other one. Is it possible to set the ASA up for something like this? I really don't have much background with this.

Thanks!

acomiskey
Level 10

Yes, this is possible. You probably have something like this currently...

static (inside,outside) interface ISeries.ip netmask 255.255.255.255

access-list outside_access_in permit tcp any interface outside eq www

So if the new ip is 2.2.2.2 you would just do this...

static (inside,outside) 2.2.2.2 new.webserver.ip netmask 255.255.255.255

access-list outside_access_in permit tcp any host 2.2.2.2 eq www

Just be sure that the ISP is routing the new addresses to the outside interface of your ASA.

Please rate helpful posts.

Can you explain this part to me: "Just be sure that the isp is routing the new addresses to the outside interface of your ASA."?

Thanks!

Sorry, I should have clarified. I assumed you were getting new IP addresses. If you are simply using public addresses you already have, part of the same subnet as your ASA outside interface, then disregard what I said. If you are getting new IP addresses then your ISP has to route them to you.

OK, I think I understand it now. The new public IP is one the client already has and is part of the same subnet as the ASA outside interface.

So just for example, I would enter the following commands on the ASA.

static (inside,outside) 192.168.1.5 netmask 255.255.255.255

access-list outside_access_in permit tcp any host 209.173.x.x eq www

Almost, you forgot an address in the static command...

static (inside,outside) 209.173.x.x 192.168.1.5 netmask 255.255.255.255

access-list outside_access_in permit tcp any host 209.173.x.x eq www

There is already a command in there that reads

static (inside,outside) tcp interface 3390 192.168.1.5 3390 netmask 255.255.255.255

When I try to enter the command you have listed above I get a warning message.

Any thoughts?

Pretty sure that's just a warning because you already have another static with 192.168.1.5. You'd have to test it to see if it still works. You could also do this and you probably won't get a warning...

static (inside,outside) tcp 209.173.x.x 80 192.168.1.5 80 netmask 255.255.255.255

access-list outside_access_in permit tcp any host 209.173.x.x eq www

I'm not even sure what that other command was for. I noted it and took it out. Entered the command you gave me and it works like a charm. Thanks for all your help!
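
Added example, not part of the original thread: a small Python audit that reads pre-8.3 `static` and `access-list` lines like the ones quoted above and reports forwards with no matching permit, one-to-one statics opened on every port, and inside hosts published by more than one static. The sample config is constructed, its public addresses are documentation-range placeholders, and the check compares only address and port, not protocol.

```python
import re
from collections import defaultdict

# Constructed sample in the pre-8.3 syntax quoted in the thread; the public
# addresses are documentation-range placeholders, not values from the thread.
SAMPLE = """\
static (inside,outside) tcp interface 3390 192.168.1.5 3390 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 80 192.168.1.5 80 netmask 255.255.255.255
static (inside,outside) 203.0.113.11 192.168.1.6 netmask 255.255.255.255
access-list outside_access_in permit tcp any host 203.0.113.10 eq www
access-list outside_access_in permit tcp any host 203.0.113.11 eq www
"""
PORTS = {"www": 80, "https": 443}  # ports the ASA prints by name (subset)
STATIC = re.compile(r"^static \(inside,outside\) "
                    r"(?:(tcp|udp) (\S+) (\S+) (\S+) \S+|(\S+) (\S+)) netmask")
ACL = re.compile(r"^access-list (\S+) (?:extended )?permit (tcp|udp|ip) any "
                 r"(?:host (\S+)|(interface) outside)(?: eq (\S+))?")

def port(tok):
    """Port token to number; None means 'no eq clause', i.e. every port."""
    if tok is None:
        return None
    return PORTS[tok] if tok in PORTS else int(tok)

def audit(config, acl_name="outside_access_in"):
    """Return findings as (kind, mapped, port, inside_host) tuples."""
    statics, permits = [], defaultdict(set)
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            if m.group(1):  # port redirect: proto mapped mport real rport
                statics.append((m.group(2), port(m.group(3)), m.group(4)))
            else:           # one-to-one: every port is translated
                statics.append((m.group(5), None, m.group(6)))
        elif (m := ACL.match(line)) and m.group(1) == acl_name:
            dst = m.group(3) or "interface"
            permits[dst].add(None if m.group(2) == "ip" else port(m.group(5)))
    findings, by_real = [], defaultdict(list)
    for mapped, mport, real in statics:
        by_real[real].append(mapped)
        allowed = permits.get(mapped, set())
        if mport is not None and not ({mport, None} & allowed):
            findings.append(("forward-without-permit", mapped, mport, real))
        if mport is None and None in allowed:
            findings.append(("one-to-one-all-ports", mapped, None, real))
    for real, mapped in by_real.items():
        if len(mapped) > 1:  # same inside host published more than once
            findings.append(("multiple-statics", tuple(mapped), None, real))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample it reports the port 3390 forward as having no permit in `outside_access_in` and notes that 192.168.1.5 is published by two statics.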