I am not sure if I need an NAT based access-list, route map, twice NAT, or an object based NAT. I've done some reading and I feel like ACL or route-map NAT is the way to go but am looking for guidance.
My situation is:
ASA 5510 Active/Passive
Cisco Adaptive Security Appliance Software Version 8.4(7)31.
We own "www.mysite.com" and we want all partners to continue to use "www.mysite.com"
We have a partner with an application (Client_A) that isn't compliant with modern SSL cert requirements. We want to redirect them to a site with our depreciated cert so we can move our other partners to the main site so we can upgrade their SSL cert.
We would go with SNI on apache as a solution but the partner's software potentially won't work with that either. We need to handle this at the firewall and take control of the solution ourselves without adding more work for our developers, web team, etc.
What we will have to do is have partner A access the same DNS name and redirect them to another virtual site on another port on the same server as the remaining traffic (let's say port 7443 for Client A).
We want the remaining traffic to continue unchanged, to port 443, on the same server that client_A will hit.
We are not asking the partner to make the change as it requires layers of approval found in giant organizations. We are small and agile and prefer to just force their traffic where we need to. We have all their source IP address ranges.
So we have client_A (group of network IP ranges) and the rest of the world (any).
static (inside,outside) NAT_WWW (however this gets worded)
Let's say the internal server is 10.10.10.10. Where does that fit in to the picture?
Feel free to throw in other suggestions of how to do it with a workable example, either completing this method or demonstrating a different method. I've tried a few variations with a spare IP and a test internet connection and can't seem to get it right.
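One way to express the source-based port redirect described in the post with twice NAT on 8.4, as an added example that is not part of the original post. Only 10.10.10.10 and the inside/outside interface names come from the post; the public address 203.0.113.10, the Client_A ranges, the object names and the ACL name OUTSIDE_IN are placeholders assumed for illustration.

```cisco
! Added example. Every address except 10.10.10.10 is a constructed placeholder.
object network WWW_REAL
 host 10.10.10.10
object network WWW_PUBLIC
 host 203.0.113.10
!
! Client_A source ranges (placeholders, replace with the partner's real ranges)
object-group network CLIENT_A
 network-object 198.51.100.0 255.255.255.0
 network-object 192.0.2.0 255.255.255.128
!
! The server is the NAT "source" of an (inside,outside) rule, so the
! service objects match on its source port.
object service SVC_TCP_443
 service tcp source eq 443
object service SVC_TCP_7443
 service tcp source eq 7443
!
! Rule 1 (must come first): when the peer is in CLIENT_A, public 443 maps to
! real port 7443 on the server. The destination is translated to itself so
! it acts only as a match condition.
nat (inside,outside) source static WWW_REAL WWW_PUBLIC destination static CLIENT_A CLIENT_A service SVC_TCP_7443 SVC_TCP_443
!
! Rule 2: every other peer keeps 443 mapped to 443 on the same server.
nat (inside,outside) source static WWW_REAL WWW_PUBLIC service SVC_TCP_443 SVC_TCP_443
!
! From 8.3 on, interface ACLs match the real (post-untranslate) address and
! port. Port 7443 is permitted for CLIENT_A only, so no one else can reach
! the virtual host that serves the old certificate.
access-list OUTSIDE_IN extended permit tcp object-group CLIENT_A host 10.10.10.10 eq 7443
access-list OUTSIDE_IN extended permit tcp any host 10.10.10.10 eq 443
access-group OUTSIDE_IN in interface outside
!
! Verification from the CLI: the first trace should untranslate to
! 10.10.10.10/7443, the second to 10.10.10.10/443.
packet-tracer input outside tcp 198.51.100.10 40000 203.0.113.10 443
packet-tracer input outside tcp 203.0.113.200 40000 203.0.113.10 443
show nat detail
```

Twice NAT rules are evaluated first match in the order they appear, so the Client_A rule has to sit above the general rule; `show nat detail` shows the order and per-rule hit counts.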