Cisco Support Community
Community Member

Two web servers

Hello all.

We have an ASA5510 and we need to configure it to allow the following scenario:

We already have ACLs and NAT configured on the ASA to provide access to our first web server (OUTSIDE => DMZ). It is working fine.

Now we have a web application that will run on another web server (placed in the same DMZ as the first web server), and we don't know what needs to be configured on the ASA.

We have an IIS server installed on our first web server with our web page www.example.com. We will define a new virtual directory www.example.com/application to execute the new web application on the second web server.

On IIS new virtual directory we are using “Redirect to URL” option, pointing to valid IP reserved to our second web server (new).???

We already have configured on ASA an Inside network 192.168.1.0/24, a DMZ 10.0.0.0/24 and an Outside obviously.

Could you please help us with the ASA configuration for web access on this second web server?

Accepted Solutions
Community Member

Re: Two web servers

OK here's the rub. You cannot NAT to the same front end address to the back end address unless you do Port address mapping. Even then, you are restricted to ports on the outside mapping to different ports on the inside I.E.

port 80 outside maps to 8080 on the DMZ and port 8000 maps to port 8000 on the DMZ.

So technically, you could nat to the same address if you just are going to and from different ports.

So outside port 80 maps to inside 8000

redirect to outside address on port 8080,

that can be mapped to the same address on 8080 to the same DMZ host.

-C

5 REPLIES
Community Member

Re: Two web servers

Sounds like you just need a NAT for the second address of WS2 and to open up those ports inbound to the DMZ.

Community Member

Re: Two web servers

1. Would it be necessary to have a second valid IP in this scenario for WS2? Or can we use the same valid IP used on WS1 and use a dynamic NAT for the two IP addresses of the DMZ?

Community Member

Re: Two web servers

Thank you so much!

Your tips are working fine.

Our WS2 is already on-line.

Community Member

Re: Two web servers

Glad to hear it!!
