We have an ASA5510 and we need to configure it to allow the following scenario:
We already have ACLs and NAT configured on the ASA to provide access to our first web server (OUTSIDE => DMZ). It is working fine.
Now, we have a web application that will be executed on another web server (placed in the same DMZ as the first web server) and we don't know what is necessary to configure on the ASA.
We have an IIS server installed on our first web server with our web page www.example.com. We will define a new virtual directory www.example.com/application to execute the new web application on the second web server.
On the new IIS virtual directory we are using the "Redirect to URL" option, pointing to a valid IP reserved for our second (new) web server.
We already have configured on ASA an Inside network 192.168.1.0/24, a DMZ 10.0.0.0/24 and an Outside obviously.
Could you please help us with the ASA configuration for web access on this second web server?
OK, here's the rub. You cannot NAT to the same front end address to the back end address unless you do Port address mapping. Even then, you are restricted to ports on the outside mapping to different ports on the inside, i.e.
port 80 outside maps to 8080 on the DMZ and port 8000 maps to port 8000 on the DMZ.
So technically, you could NAT to the same address if you are just going to and from different ports.
So outside port 80 maps to inside 8000
redirect to outside address on port 8080,
that can be mapped to the same address on 8080 to the same DMZ host.
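
The port mapping described in this answer, written out as an added configuration example that is not part of the original thread. It assumes ASA software 8.3 or later (object NAT syntax), interfaces named `outside` and `dmz`, an existing inbound ACL on the outside interface called `OUTSIDE_IN`, and constructed DMZ host addresses 10.0.0.10 (first web server) and 10.0.0.11 (second web server); adjust all of these to the real configuration.

```text
! Constructed example: two DMZ servers published on the single outside
! interface address, told apart only by TCP port (static PAT).
! Object names, ACL name and host addresses are assumptions.

! First web server: outside port 80 -> 10.0.0.10 port 80
object network WEB1
 host 10.0.0.10
 nat (dmz,outside) static interface service tcp 80 80

! Second web server: outside port 8080 -> 10.0.0.11 port 8080
! (syntax is: service tcp <real_port> <mapped_port>)
object network WEB2
 host 10.0.0.11
 nat (dmz,outside) static interface service tcp 8080 8080

! On 8.3+ the inbound ACL matches the real (DMZ) address and port,
! not the translated one. Permit only the published ports.
access-list OUTSIDE_IN extended permit tcp any host 10.0.0.10 eq 80
access-list OUTSIDE_IN extended permit tcp any host 10.0.0.11 eq 8080
```

With this in place, the IIS "Redirect to URL" target would be the public name or address on port 8080. `show nat detail` and `show xlate` confirm that each port maps to the intended host, and the ACL should expose nothing beyond the two published ports.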