Forward HTTP Traffic from to External IP on ASA 5505

Amardeep Kumar
Level 1

Hi,

My client has two web servers. He wants us to download the app from the production server on an iPhone, and when it hits back, traffic should go to the staging server. We cannot change anything in the application. So when someone hits the application from my network, it should go to the 2nd web server.

Is there anything the ASA can understand so that a request for IP A can be redirected to IP B?

Please suggest.

Thank You.

Amardeep


Jouni Forss
VIP Alumni

Hi,

I think we need clarification on the whole setup. I am not sure exactly what it is that you are trying to achieve.

A simple picture of how the network is built and how the connections should be forwarded would help to clarify if this is something that can be handled with NAT on the ASA.

- Jouni

Hi Jouni,

Thank you.

Let me explain again.

I have two web servers at the client end: Server A - test.com, Server B - my.test.com. Now, sitting in my network behind an ASA 5505, I want to redirect all my traffic for Server A to Server B. My application reads only test.com, so I want all the traffic for test.com to be redirected to my.test.com.

Hope you get it.

Thanks

Amardeep

Hi,

Well, I imagine that the example server test.com is resolved to some public IP address on a public DNS server and that public IP address is located on the ASA. And on the ASA that public IP address is probably in a Static NAT or Static PAT configuration for the server test.com.

I am not sure if you are simply attempting to change the ASA configuration so that the public IP address would now be statically NATed/PATed to the other local server my.test.com?

- Jouni

Hi Jouni,

Is it possible to configure any NAT rule or something else which tells my ASA that all traffic from (my internal network) for IP 1.1.1.1 should go to IP 2.2.2.2? Both IPs are public and at the client's end. I am accessing these IPs as a user.

Or suppose you are accessing an IP 1.1.1.1 from your network and all traffic should go to 2.2.2.2.

Hope I am able to make it clear this time.

Thanks

Amardeep..

Hi,

I think I would probably have to see the ASA configuration and/or some picture of the network setup that clearly shows the location and networks of the users and servers.

- Jouni

Thanks Jouni,

There is nothing I have done on my ASA yet. These servers don't belong to my network. I don't have access to these servers. All I have to do is this: when a user sitting in my network accesses any external website (any IP), that request should be redirected to another website or IP.

Thanks

Amardeep

Hi,

I think this should be done at your client's premises, not yours. Because both servers are not under your direct authority, your client should configure this redirecting behavior in their firewall. I believe this can be done using Static PAT on your client's firewall to translate both servers into one Public IP. Each server must listen on a different port. In this case, when a host in your internal traffic initiates a connection to that one Public IP along with Server B's port, then the redirection would be successful.

For example,

Server A: 192.168.5.5 (listens to port 1234)

Server B: 192.168.5.6 (listens to port 5678)

Both servers located, let's say, in DMZ interface.

PAT Address: 200.1.1.1

static (dmz,outside) tcp 200.1.1.1 1234 192.168.5.5 1234 netmask 255.255.255.255

static (dmz,outside) tcp 200.1.1.1 5678 192.168.5.6 5678 netmask 255.255.255.255

To test it:

Hosts in your internal network try to access http://200.1.1.1:5678

Note: Both web servers must listen to these ports in the first place, so web server administrator work is involved.

Regards,

AM

Turbo brings up a good point that it is best to have this done at the client site.

However, looking away from best practice, you could use a policy NAT to get this done.  Though I have never considered doing this, I think the configuration would be something like the following:

object network iPhone-Users

subnet 192.168.1.0 255.255.255.0

object network ServerA

host 1.1.1.1

object network ServerB

host 2.2.2.1

nat (inside,outside) source dynamic iPhone-Users interface destination static ServerA ServerB

--
Please remember to select a correct answer and rate helpful posts

Well, I even forgot to ask the requester what the ASA's software version is.

Yes, Manual NAT (8.3 or later) in our premise is better than Static PAT in the client's premise. Good one!

Personally, I would go with Manual NAT.

Regards,

AM
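
The manual NAT discussed in the last two replies, narrowed to HTTP only and followed by the commands that verify it, as an added example that is not from any poster in this thread. Object names, the 192.168.1.0/24 subnet and the test client 192.168.1.10 are assumptions; 1.1.1.1 and 2.2.2.2 are the placeholder addresses from the question.

```cisco
! Added example. Requires ASA 8.3 or later (object-based manual NAT).
! All names and addresses below are constructed placeholders.
object network iPhone-Users
 subnet 192.168.1.0 255.255.255.0
object network ServerA
 host 1.1.1.1
object network ServerB
 host 2.2.2.2
! Match on destination port only, so the rewrite is limited to HTTP.
object service HTTP
 service tcp destination eq www
!
! Line 1 places the rule ahead of existing manual NAT rules.
! Source: inside clients are PATed to the outside interface address.
! Destination: packets addressed to ServerA are rewritten to ServerB.
! Traffic to ServerA on any other port does not match this rule and
! falls through to the remaining NAT rules unchanged.
nat (inside,outside) 1 source dynamic iPhone-Users interface destination static ServerA ServerB service HTTP HTTP
!
! Verification, from privileged EXEC mode:
! 1. Confirm the rule is installed and watch its hit counters.
show nat detail
! 2. Simulate an inside client opening TCP/80 to ServerA; the UN-NAT
!    phase of the output should show the destination becoming 2.2.2.2.
packet-tracer input inside tcp 192.168.1.10 12345 1.1.1.1 80
! 3. After real client traffic, list the active translations.
show xlate
```

NAT rewrites only the destination address: the HTTP Host header still says test.com, so Server B has to answer for that name. HTTPS would need its own service object and a certificate on Server B that is valid for test.com.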
