12-24-2007 03:08 PM - edited 03-12-2019 05:54 PM
Hey there,
Currently our live web server uses multiple internal IPs that are NAT'd to an equal number of external IPs.
We are planning to take the web server down for maintenance over the new year holiday and need to redirect all these IPs to a single IP address on a temporary web server in order to show a maintenance message.
I cannot figure out how to get this to work; trying to put multiple Static NAT statements for the same Internal IP reports overlapping errors, and what I've read about Policy NAT seems to indicate it is not suitable.
Any help would be appreciated, thanks in advance and Merry Christmas for those who celebrate it.
12-24-2007 11:35 PM
Hi Lee
So you want the www traffic of multiple external IPs forwarded to one single internal webserver IP, correct? Please post your sanitized running config, the external IPs and internal IP you want to configure.
Regards
12-26-2007 05:59 AM
That's absolutely right. What I would like is something like:
199.123.2.10 - 199.123.2.20 -> 192.168.54.10
-- Start of Config ---
asdm image disk0:/asdm-507.bin
asdm location DOWNWEB 255.255.255.255 www-dmz
no asdm history enable
ASA Version 7.0(7)
!
hostname ASAFW1
names
name 192.168.54.10 DOWNWEB description Temporary Web Server
dns-guard
!
interface Ethernet0/0
description Connection to WWW DMZ
nameif www-dmz
security-level 50
ip address 192.168.54.2 255.255.255.0
!
interface Ethernet0/1
description Connection to Outside world
nameif outside
security-level 0
ip address 199.123.2.2 255.255.255.0
!
ftp mode passive
object-group service HTTP-S tcp
description HTTP & HTTPS
port-object eq www
port-object eq https
access-list outside_access_in extended permit tcp any host DOWNWEB eq www
access-list outside_access_in_V1 extended permit tcp any host DOWNWEB eq www
access-list acl_capout extended permit tcp any any eq www
access-list outside_access_in_V2 extended permit tcp any host 199.123.2.10 eq www
access-list outside_access_in_V2 extended permit tcp any host 199.123.2.11 eq www
access-list dmz_www_nat_11 extended permit ip host DOWNWEB any
access-list dmz_www_nat_10 extended permit ip host DOWNWEB any
pager lines 24
logging enable
logging timestamp
logging standby
logging asdm informational
mtu management 1500
mtu www-dmz 1500
mtu outside 1500
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 199.123.2.3
static (www-dmz,outside) 199.123.2.10 access-list dmz_www_nat_10
static (www-dmz,outside) 199.123.2.11 access-list dmz_www_nat_11
access-group outside_access_in_V2 in interface outside
route outside 0.0.0.0 0.0.0.0 199.123.2.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
sysopt noproxyarp management
sysopt noproxyarp www-dmz
!
class-map inspection_default
match default-inspection-traffic
!
-- End of Config ---
Thanks again
Lee