Is it possible to forward port 443 to an internal server with the same IP used for dynamic NAT

WhiteIsland
Level 1

Hello,

I have taken over management of a Cisco ASA device (v8.2), and I am trying to open up one of the sites on the internal server to be available on the Internet via port 443.  The problem is, the public IP that I thought was available is actually being used for dynamic NAT for the internal network.  I'm wondering if it is possible to still use that same IP for the static NAT/PAT to the server.  On the one hand, it seems like it might work, since the port forward only needs port 443, but on the other hand, I'm not sure if having two NAT rules using the same public IP will just cause a conflict, and I don't want to try it and bring down the network, so I was wondering if anyone has experience with this, and if this is not possible, is there another workaround?

I read this, which is what I want to do... but I just am not sure about the ramifications of using the existing IP:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080b80d74.shtml#forwarding

If anyone has suggestions, I appreciate it.  I've been using ASDM, and I would appreciate any step-by-step instructions that can be provided, as I'm not overly familiar with Cisco management.

Thank you

Edit: I've also found this, which looks like the simplest way to go, as it seems to take care of NAT/PAT and access rules:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080bac900.shtml

2nd edit: I went ahead and added it under Public Server (it added the static NAT, no port specified, and the rule 'any public_ip https allow'), but traffic still isn't getting through.  When I look at the logs, it says it's being denied by access-group "inside_access_out," which just has an implicit 'any any ip deny' rule, but I am not sure what it needs.


4 Replies

pompeychimes
Level 4

What you are trying to do is very common practice. Unfortunately I don't use the GUI so I can't provide examples. I'm sure somebody else will, though.

James

That's a relief.   Would you know the command to do the same?  I probably won't mess with it, but I'm interested to see it.

Here you go...

static (inside,outside) tcp interface https x.x.x.x https netmask 255.255.255.255

x.x.x.x = the IP address of the internal server

James
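The full ASA 8.2 configuration that James's one-liner fits into, as an added example that is not part of the thread and not James's or Cisco's text: it shows the existing dynamic PAT and the new static PAT sharing the outside interface address, plus the inbound access rule that has to accompany the translation. The addresses (10.0.0.25 for the internal server, 198.51.100.10 for the outside interface, 198.51.100.11 for the alternative pool address) and the access-list name outside_access_in are constructed placeholders.

```cisco
! Added example (not from the thread). ASA 8.2 syntax: static PAT on the
! outside interface IP coexisting with dynamic PAT on that same IP.
! All addresses below are constructed placeholders.
!
! --- assumed existing dynamic PAT: internal hosts hide behind the outside IP ---
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
!
! --- static PAT: only TCP/443 arriving on the outside interface IP is sent
! to the internal server. Because it is port-specific it does not conflict
! with the dynamic PAT above; every other port on that address stays
! available to the dynamic translation. 10.0.0.25 = the internal server.
static (inside,outside) tcp interface https 10.0.0.25 https netmask 255.255.255.255
!
! --- inbound access rule: the translation alone does not admit traffic.
! On pre-8.3 code the ACL matches the MAPPED (public) address, not the
! server's private address. 198.51.100.10 = the outside interface address.
access-list outside_access_in extended permit tcp any host 198.51.100.10 eq https
access-group outside_access_in in interface outside
!
! If the public IP used for dynamic NAT were a separate pool address rather
! than the interface address, the static line names that address instead of
! the interface keyword; the port-specific behaviour is the same:
! static (inside,outside) tcp 198.51.100.11 https 10.0.0.25 https netmask 255.255.255.255
```

To confirm the result without sending real traffic, `show xlate` lists the static translation, and `packet-tracer input outside tcp 203.0.113.5 40000 198.51.100.10 443` walks a constructed inbound connection through the firewall and reports the phase (NAT lookup or a specific access-list line, on whichever interface and direction it is applied) that allows or drops it, which is the quickest way to see which rule is producing a deny in the log.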

Thank you, James, for answering my question.  Though the traffic isn't getting through, I think that should probably be another question, since you answered my title question.   I appreciate the help!
