Cisco ASA Port Forward Question

Apr 15th, 2014

My client has 1 public IP. They already have a port forward for HTTPS for Exchange. They also want to allow access to another HTTPS website on a different server. My question is: is it possible to have 2 internal websites on different servers, 10.0.0.9 and 10.0.0.10 (HTTPS), with one public IP? How would I write that ACL?

 

Thanks

Nick

jjohnston1127 Tue, 04/15/2014 - 10:36

You can only port-forward external port 443 to one internal IP address.  You could use a different external port, say 4443 and direct it towards your second server at port 443, but that would require end-user education to include the port in their URL.

nickbarber Thu, 04/17/2014 - 14:35

So I now have a second public IP that I can use for the other webserver. How do I add that to the ASA config? I have never done that.

 

Thanks

jjohnston1127 Thu, 04/17/2014 - 14:41
What version of code is your ASA running?
jjohnston1127 Thu, 04/17/2014 - 14:49
Assuming your interfaces are named inside and outside and your public IP is 1.2.3.4, it would be:

static (inside,outside) tcp 1.2.3.4 443 10.0.0.10 443 netmask 255.255.255.255

Then permit tcp any host 1.2.3.4 eq 443 on your outside access list.
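An added example, not part of the thread: the reply above written out as full configuration lines, in both the pre-8.3 syntax it uses and the 8.3-and-later syntax, since the form depends on the software version asked about. The ACL name outside_access_in and the object name WEB2-HTTPS are assumptions; 1.2.3.4 stands for the second public IP, as in the reply.

```cisco
! ---- ASA software earlier than 8.3 (syntax used in the reply) ----
! Static PAT: public 1.2.3.4:443 -> inside host 10.0.0.10:443
static (inside,outside) tcp 1.2.3.4 443 10.0.0.10 443 netmask 255.255.255.255
! Before 8.3 the outside ACL matches the translated (public) address.
! outside_access_in is an assumed ACL name.
access-list outside_access_in extended permit tcp any host 1.2.3.4 eq 443

! ---- ASA software 8.3 and later ----
! NAT is configured inside a network object (WEB2-HTTPS is an assumed name).
object network WEB2-HTTPS
 host 10.0.0.10
 nat (inside,outside) static 1.2.3.4 service tcp 443 443
! From 8.3 on the outside ACL matches the real (inside) address,
! so permit only TCP 443 to 10.0.0.10 rather than to the public IP.
access-list outside_access_in extended permit tcp any host 10.0.0.10 eq 443

! ---- Either version ----
! Only one inbound ACL can be bound per interface. If an ACL is already
! applied to outside (the existing Exchange forward implies one), add the
! permit line to that ACL instead of binding a new one with the line below.
access-group outside_access_in in interface outside
```

After applying, `show run nat` (8.3 and later) or `show run static` (earlier) and `show access-list` hit counts confirm that only TCP 443 to the second server is exposed.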
