My client have two web servers. He wants us to download app from production server on IPhone and when hit it back traffic should go to staging server. we can not change any thing in application. so when some hits application from my network it should go to 2nd webserver.
is there any thing ASA can understand that request for IP A can redirect to IP B ?
I think we need clarification on the whole setup. I am not sure exactly what it is that you are trying to achieve.
A simple picture of how the network is built and how the connections should be forwarded would help to clarify if this is something that can be handled with NAT on the ASA.
let me explain again..
I have two webserver at client end. Server A - test.com , Server B my.test.com. Now Sitting in my network behind a asa 5505 , I want to rediect all my traffic for Server A to Server B. My application reads only test.com . So I want all the taffic for test.com should be redirected to my.test.com..
Hope you get it..
Well I imagine that the example server test.com is resolved to some public IP address on a public DNS server and that public IP address is located on the ASA. And on the ASA that public IP address is probably in a Static NAT or Static PAT configuration for the server test.com
I am not sure if you are simply attempting to change the ASA configuration so that the public IP address would now be Staticly NATed/PATed to the other local server my.test.com?
is it possible to configure any Nat rule or something else which tell my ASA that.. Every traffic from ( My Internal Network) for IP 18.104.22.168 should go to IP 22.214.171.124. Both IP are Public and at clients end. I am accessing these IP as user.
Or Suppose You are accessing an IP 126.96.36.199 from your network and all traffic should go to 188.8.131.52
Hope I am able clear it this time..
I think I would probably have to see the ASA configuration and/or some picture of the network setup that clearly shows the location and networks of the users and servers.
There is nothing I have done on My ASA yet. These servers dont belong to my network.. I have dont access of these server. Only what I have to do is... When a user sitting in my network access any external website ( Any IP ) that request should be redirected to another website ot IP..
I think this should be done at your client's premise not yours. Because both servers are not under your direct authority, your client should configure this redirecting behavior in their firewall. I believe this can be done using Static PAT on your client's firewall to translate both servers into one Public IP. Each server must listen to different port. In this case, when a host in your internal traffic initiates a connection to that one Public IP along with Server B's port, then the redirection would be successful.
Server A: 192.168.5.5 (listens to port 1234)
Server B: 192.168.5.6 (listens to port 5678)
Both servers located, let's say, in DMZ interface.
PAT Address: 184.108.40.206
static (dmz,outside) tcp 220.127.116.11 1234 192.168.5.5 1234 netmask 255.255.255.255
static (dmz,outside) tcp 18.104.22.168 5678 192.168.5.6 5678 netmask 255.255.255.255
To test it:
Hosts in your internal network try to access http://22.214.171.124:5678
Note: Both web servers must listen to these ports in the first place, so web server administrator work is involved.
Turbo brings up a good point that it is best to have this done at the client site.
However, looking away from best practice, you could use a policy NAT to get this done. Though I have never considered doing this, I think the configuration would be something like the following:
object network iPhone-Users
subnet 192.168.1.0 255.255.255.0
object network ServerA
object network ServerB
nat (inside,outside) source dynamic iPhone-Users interface destination static ServerA ServerB
Well, i even forgot to ask the requester what is the ASA's software version.
Yes, Manual NAT (8.3 or later) in our premise is better than Static PAT in the client's premise. Good one!
Personally, i would go with Manual NAT.