How do I expose my internal webserver to an external public IP?

I have a Cisco 5505 with a full Class C to use for public IPs.  I have split that in half, making my outside interface subnet the first half, and the DMZ the second half.  I have a single box on the inside of my network that runs multiple development services, and I'd like to expose port tcp/443 to the outside on the first half subnet.  When I configure port forwarding of https using the outside interface and PAT, it works fine.  What I was trying to do, that I didn't get to work, was a static NAT of the inside interface of the webserver to an IP address on the same subnet as the outside interface and then allow https in the ACLs for the outside and inside interfaces.  This didn't work, and the fact that I didn't see anything in the ACL logs or the webserver logs tells me that the issue is with NAT.  I was able to get this working with a webcam that I performed a static one-to-one IP address translation and then just allowed the services in the ACLs.  Can someone tell me what is wrong with my line of thinking?

66.x.x.5 (public webserver) --> 66.x.x.2 (ASA outside) --> 10.x.x.8 (private webserver)

Regards,
Scott
namelkcipAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DonbooCommented:
If your server has been using the Global nat before you make a static NAT you might have to clear xlate for the server first before the static will take effect.

clear xlate local "IP of the server"

else post your configuration and I´ll take a look at it.
0
namelkcipAuthor Commented:
Hmm, aren't the translations cleared as part of the configuration of the new static NAT?  I'll have to set it up again and test it out and post the config.
0
DonbooCommented:
depends if you do it via ASDM or via CLI. ASDM does this but CLI its all manual.
0
namelkcipAuthor Commented:
I am closing this for now as I don't have time to follow up on comments.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.