Cisco ASA Port Foward Question

nickbarber · ‎04-15-2014

My client has 1 public IP. They already have a port forward for HTTPS for Exchange. They also want to allow access to another HTTPS website on a different server. My question is ...is it possible to have 2 internal websites on different servers 10.0.0.9 and 10.0.0.10 (HTTPS) with one Public IP? How would I write that ACL??

Thanks

Nick

jj27 · ‎04-15-2014

You can only port-forward external port 443 to one internal IP address. You could use a different external port, say 4443 and direct it towards your second server at port 443, but that would require end-user education to include the port in their URL.

nickbarber · ‎04-17-2014

So I now have a second public IP that I can use for the other webserver. How do I add that to the ASA config? I have never done that.

Thanks

jj27 · ‎04-17-2014

What version of code is your ASA running?

nickbarber · ‎04-17-2014

8.2 (5)

jj27 · ‎04-17-2014

Assuming your interfaces are named inside and outside and your public ip is 1.2.3.4 it would be static (inside,outside) tcp 1.2.3.4 443 10.0.0.10 443 netmask 255.255.255.255 Then permit tcp any host 1.2.3.4 eq 443 on your outside access list.