We have a 5520 ASA and we need to use NAT for a DMZ server. Users from outside should access the HTTP port, and the DMZ server listens on 8080. For corporate users (LAN, remote branch office and VPN remote users) the server listens on port 80 (they connect to the public address on port 80 too).
We are thinking of using a Static Policy NAT rule to translate <internal_server_Addres>:8080 to <public_server_Addres>:80 for destination "any", and another rule translating <internal_server_Addres>:80 to <public_server_Addres>:80 for the IP list of corporate users (LAN, remote users...).
It doesn't work, either by configuring DMZ51_nat_static_1 with deny rules for corporate users ("ERROR: access-list has deny statements" from the CLI) or by creating a static NAT rule for a specific destination and a different rule for the "any" destination (overlapping rule warning).
This is the current configuration (all traffic from <internal_server_Addres>:8080 to <public_server_Addres>:80, without exceptions):
access-list DMZ51_nat_static_1 extended permit tcp host <PRIVATE IP ADDRESS> eq 8080 any
static (DMZ51,outside) tcp <PUBLIC IP ADDRESS> www access-list DMZ51_nat_static_1
Any idea how I can do what we need?