07-23-2008 10:02 AM
I currently have a situation where I want to configure a static translation for a single outside IP going to multiple internal IPs, on a different TCP port for each. Normally I would be able to do this, and I have done it in the past, but this situation has one difference: the port that I am forwarding to on the internal IP side is different. I have posted an example below. It is not working the way I would think. When I connect to the HTTPS page of a DRAC card on a Dell server, I get the security warnings and all, and accept, but when it tries to pull up the page, it times out. Is this something to do with my configuration on the ASA, or maybe something with the DRAC card itself? Has anyone experienced this before? If I do not change the port, and use 443 on the outside and inside, it works fine, but I don't want the outside to see 443, but 5001, 5002, etc., going to different internal IPs, on 443.
static (DRAC,outside) tcp 216.x.x.x 5001 10.251.0.1 https netmask 255.255.255.255
Thanks for any help you can provide.
Jason
07-23-2008 10:04 AM
static (DRAC,outside) tcp 216.x.x.x 5001 10.251.0.1 https netmask 255.255.255.255
static (DRAC,outside) tcp 216.x.x.x 5002 10.251.0.2 https netmask 255.255.255.255
static (DRAC,outside) tcp 216.x.x.x 5003 10.251.0.3 https netmask 255.255.255.255
The above do not work, but I would like them to.
static (DRAC,outside) tcp 216.x.x.x https 10.251.0.1 https netmask 255.255.255.255
This method works, but it does not meet my security needs. Yes, I do have the option of doing a different outside IP for each DRAC card, and then doing the 443 to 443, but it is again not meeting my security needs, and I do not want to use that many different outside IP addresses.
07-30-2008 05:40 PM
Does anyone have any input on this? I still have not been able to get it working.
07-30-2008 05:58 PM
hey dude
try this
show ip
(find the asa's interface name)
(use the ASA interface name when creating the port forward nat)
i.e.
your syntax is wrong
static (outside,inside)
remember, it's
static (start interface, ending interface)
pre-nat ip, post-nat ip
-Joe
07-30-2008 06:51 PM
I had the same configuration as you and it works for me:
static (DRAC,outside) tcp interface 5001 192.168.1.1 https netmask 255.255.255.255
static (DRAC,outside) tcp interface 5002 192.168.1.2 https netmask 255.255.255.255
static (DRAC,outside) tcp interface 5003 192.168.1.3 https netmask 255.255.255.255
The only exception is that I have a Red Hat Linux Apache server serving https and I can see the page without any issues.
Then again, I am using PIX version 7.0(7), which is a stable version. You may want to give version 7.0(7) a try.