Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Forward Http Traffic from to External IP on ASA 5505

Hi,

My client have two web servers. He wants us to download app from production server on IPhone and when hit it back traffic should go to staging server. we can not change any thing in application. so when some hits application from my network it should go to 2nd webserver.

is there any thing ASA can understand that request for IP A can redirect to IP B ?

Please suggest.

Thank You.

Amardeep

9 REPLIES
Super Bronze

Forward Http Traffic from to External IP on ASA 5505

Hi,

I think we need clarification on the whole setup. I am not sure exactly what it is that you are trying to achieve.

A simple picture of how the network is built and how the connections should be forwarded would help to clarify if this is something that can be handled with NAT on the ASA.

- Jouni

New Member

Forward Http Traffic from to External IP on ASA 5505

HI Jouni,

Thank you,

let me explain again..

I have two webserver at client end. Server A - test.com  , Server B my.test.com. Now Sitting in my network behind a asa 5505 , I want to rediect all my traffic for Server A to Server B. My application reads only test.com . So I want all the taffic for test.com should be redirected to my.test.com..

Hope you get it..

Thanks

Amardeep

Super Bronze

Forward Http Traffic from to External IP on ASA 5505

Hi,

Well I imagine that the example server test.com is resolved to some public IP address on a public DNS server and that public IP address is located on the ASA. And on the ASA that public IP address is probably in a Static NAT or Static PAT configuration for the server test.com

I am not sure if you are simply attempting to change the ASA configuration so that the public IP address would now be Staticly NATed/PATed to the other local server my.test.com?

- Jouni

New Member

Forward Http Traffic from to External IP on ASA 5505

HI Jouni,

is it possible to configure any Nat rule or something else which tell my ASA that.. Every traffic from ( My Internal Network) for IP 1.1.1.1 should go to IP 2.2.2.2. Both IP are Public and at clients end. I am accessing these IP as user.

Or Suppose You are accessing an IP 1.1.1.1 from your network and all traffic should go to 2.2.2.2

Hope I am able clear it this time..

Thanks

Amardeep..

Super Bronze

Forward Http Traffic from to External IP on ASA 5505

Hi,

I think I would probably have to see the ASA configuration and/or some picture of the network setup that clearly shows the location and networks of the users and servers.

- Jouni

New Member

Forward Http Traffic from to External IP on ASA 5505

Thanks Jouni,

There is nothing I have done on My ASA yet. These servers dont belong to my network.. I have dont access of these server. Only what I have to do is... When a user sitting in my network access any external website ( Any IP ) that request should be redirected to another website ot  IP..

Thanks

Amardeep

New Member

Re: Forward Http Traffic from to External IP on ASA 5505

Hi,

I think this should be done at your client's premise not yours. Because both servers are not under your direct authority, your client should configure this redirecting behavior in their firewall. I believe this can be done using Static PAT on your client's firewall to translate both servers into one Public IP. Each server must listen to different port. In this case, when a host in your internal traffic initiates a connection to that one Public IP along with Server B's port, then the redirection would be successful.

For example,

Server A: 192.168.5.5 (listens to port 1234)

Server B: 192.168.5.6 (listens to port 5678)

Both servers located, let's say, in DMZ interface.

PAT Address: 200.1.1.1

static (dmz,outside) tcp 200.1.1.1 1234 192.168.5.5 1234 netmask 255.255.255.255

static (dmz,outside) tcp 200.1.1.1 5678 192.168.5.6 5678 netmask 255.255.255.255

To test it:

Hosts in your internal network try to access http://200.1.1.1:5678

Note: Both web servers must listen to these ports in the first place, so web server administrator work is involved.

Regards,

AM

VIP Green

Re: Forward Http Traffic from to External IP on ASA 5505

Turbo brings up a good point that it is best to have this done at the client site.

However, looking away from best practice, you could use a policy NAT to get this done.  Though I have never considered doing this, I think the configuration would be something like the following:

object network iPhone-Users

subnet 192.168.1.0 255.255.255.0

object network ServerA

host 1.1.1.1

object network ServerB

host 2.2.2.1

nat (inside,outside) source dynamic iPhone-Users interface destination static ServerA ServerB

--

Please remember to rate and select a correct answer
New Member

Re: Forward Http Traffic from to External IP on ASA 5505

Well, i even forgot to ask the requester what is the ASA's software version.

Yes, Manual NAT (8.3 or later) in our premise is better than Static PAT in the client's premise. Good one!

Personally, i would go with Manual NAT.

Regards,

AM

317
Views
0
Helpful
9
Replies
CreatePlease to create content