NAT question

I have a temporary outlook server sitting on an inside network and I need to set up OWA . We have a public block of IP's and I assigned a public DNS name to one of them to access the server externally. I added a route on the outside router telling it to route any traffic destined for XXX.XXX.209.9 (address assigned to OWA) to XXX.XXX.209.57 (outside int of ASA). Now I need to figure out what to configure on the asa to say whenever traffic destined for XXX.XXX.XXX.9 hits the outside interface, translate it to 10.0.0.237 and send it to the outlook server.  I know this is simple natting, but I can't figure out which type of rule to use.
downscmAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JFrederick29Commented:
This should do it:

access-list outside_access_in extended permit tcp any host xxx.xxx.209.9 eq 443

static (inside,outside) xxx.xxx.209.9 10.0.0.237 netmask 255.255.255.255
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jcs5003Commented:
static (inside,outside) xxx.xxx.209.9 10.0.0.237 netmask 255.255.255.255 if nothing else is using this outside IP
static (inside,outside) tcp xxx.xxx.209.9 443 10.0.0.237 443 netmask 255.255.255.255

The above will also only work if your Exchange server is servicing OWA using SSL, as it should.. some admins like to use 80 also in which case you would also add
static (inside,outside) tcp xxx.xxx.209.9 80 10.0.0.237 80 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host xxx.xxx.209.9 eq 80


This also assumes your access-list is named outside_access_in
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.