• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1779
  • Last Modified:

How do I publish a website through a Cicso ASA 5505?

I have a SharePoint site that my client wants to make publically available. I do not know how to publish it through the firewall. I need the firewall to map requests coming in for a specific external url (i.e. http://specifc.customerdomain.com
to an internal url (http://myclientsintranet)
SInce it is Sharepoint, there are actually 3 sites, all on the same port (magic of SharePoint, I guess) so it has to be directed to the URL and not an ip address and port. This is important because one is for external access using FBA, one is external using AD Authentication, and the third is internal only.
Any idea on how to do this? I can do it in Forefront but I am not a Cisco guy so this is stumping me.
Oh, it is a Cisco ASA 5505 with software version 7.0.
0
needspace
Asked:
needspace
  • 3
  • 2
1 Solution
 
Jody LemoineNetwork ArchitectCommented:
Unfortunately, the ASA doesn't really work up at the presentation layer in this way.  That's not to say it can't be done, but the ASA isn't going to do all of the work for you.  I would approach the problem this way:

First of all, the magic of putting multiple sites on the same address and port is just a standard HTTP 1.1 header function and has much more to do with IIS than with SharePoint.  I would go into the IIS configuration for the site you want to expose to the outside and configure it to respond to http://specific.customerdomain.com on a different port (say 81/tcp for example) as well as http://myclientsintranet on port 80/tcp.  Once that's done, you can tell the ASA to do port-level forwarding of 80/tcp on the outside to 81/tcp on the Sharepoint server.  When the client goes to http://specific.customerdomain.com, the request will be forwarded intact and the web site will respond appropriately, serving up the site appropriate to the URL requested.  If a client goes to the external web port without the appropriate URL, your IIS server will give them an error page as no other sites are configured on that port.

Will that do the trick for you?
0
 
needspaceAuthor Commented:
OK. I think I have the path set up internally lin IIS like you recommend. How do I go about opening this up on the ASA? Now I'll be mapping requests for the url http://specific.customerdomain.com to <sharepointserverIPAddress>:81 .
0
 
Jody LemoineNetwork ArchitectCommented:
This configuration command will set up the NAT entry on the ASA for you:

static (inside,outside) tcp interface www x.x.x.x 81 netmask 255.255.255.255

Replace x.x.x.x with your Sharepoint server's IP address.

You'll also want to allow www traffic inbound on the outside interface.  This can be done with the following configuration command:

access-list outside extended permit tcp any any eq www

Replace "outside" with whatever the name of our inbound access list for the outside interface.
0
 
needspaceAuthor Commented:
Thanks I'll give that a shot
0
 
needspaceAuthor Commented:
That worked. I have some additional problems in Sharepoint that have surfaced with the redirected URL but I will post that in another thread. Thank you for your help
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now