08-06-2010 11:15 AM - edited 03-11-2019 11:22 AM
I have a Cisco ASA 5505, and I'm trying to forward HTTPS traffic to one internal server if it comes from either of two external networks (i.e. X.Y.0.0/16 and C.0.0.0/8), and to a different server if it comes from anywhere else.
Can anyone provide me with the Policy Static PAT (?) or whatever commands to accomplish this? Thanks!
08-06-2010 12:01 PM
CSCso79009 ENH: Policy static nat should check inbound source IP address w/ACL
This defect is not resolved yet.
It may not work for you if configured. This is how you would configure it though.
static (inside,outside) tcp 1.1.1.1 443 access-list from-server-A
access-list from-server-A extended permit tcp host 10.10.1.1 eq 443 host A.A.A.A
The above line will make the firewall receive all 443 traffic destined to 1.1.1.1 from the internet address A.A.A.A to the server on the inside, 10.10.1.1.
static (inside,outside) tcp 2.2.2.2 443 access-list from-all-other-ips
access-list from-all-other-ips extended permit tcp host 10.10.2.2 eq 443 any
The above lines will make the firewall receive all 443 traffic destined to 2.2.2.2 from all other internet addresses to the server on the inside, 10.10.2.2.
Unfortunately due to the defect this may not work.
-KS
08-06-2010 12:03 PM
mattkl3com wrote:
I have a Cisco ASA 5505, and I'm trying to forward HTTPS traffic to one internal server if it comes from either of two external networks (i.e. X.Y.0.0/16 and C.0.0.0/8), and to a different server if it comes from anywhere else.
Can anyone provide me with the Policy Static PAT (?) or whatever commands to accomplish this? Thanks!
Matt
You can't do this on an ASA. What you need is PBR (Policy Based Routing) which is the ability to forward traffic based on something other than just the destination IP address, in your case the source IP.
But the ASA does not support PBR although believe me a lot of people wish it did. For PBR you need a router.
Jon