Solved

Dynamic natting from outside to inside

Posted on 2010-08-28
5
413 Views
Last Modified: 2012-05-10
I would like to perform some sort of natting on certain traffic as it flows into our network. Right now I have a static nat setup for exchange and that works fine, but is there a way do pat traffic coming in requesting a certain server or subnet to a public ip address? If so what would be the best solution. The only way I have seen so far is with static one to one translations.
0
Comment
Question by:justin0104
  • 2
  • 2
5 Comments
 
LVL 28

Expert Comment

by:bgoering
ID: 33553660
For incoming traffic it is pretty much one to one, but on a port level. In other words, for a given outside address and port combination you can forward (and optionally translate the port number) to a single inside host.

Assume a.a.a.a and b.b.b.b are outside ip addresses

You can do mapping like this
a.a.a.a:80     insideweb1 : 80
a.a.a.a:8080 insideweb2 : 80
b.b.b.b:3389 insidetermserver1
a.a.a.a:3389 insidetermserver2
 and so on

Good Luck



0
 

Author Comment

by:justin0104
ID: 33554939
What is the Best way of doing reverse proxy? We are currently running ms ISA server and it is reverse proxying web requests. I currently have a port forward setup to forward all 80 and 443 traffic to ISA and I want to get away from doing that. In order to do so, I would like to know some alternative method to doing this. I do not want to statically translate every web server to a public ip because that is just wasteful with public ip addresses. So what is the best method if you have lots of web servers. Some of them are production and some are for proof of concepts for our clients. The majority are 443 requests. Is there a way to do all of this on the cisco Asa 5520?
0
 
LVL 9

Expert Comment

by:gavving
ID: 33562377
The way you described it, no there's not a way to do it on the ASA.  The ASA does not proxy traffic normally, and can't terminate webserver sessions only pass them along to internal servers.  If your internal servers support host-headers then you can have multiple websites on one server, but individual servers would have their own external IP numbers.  As for termination of SSL traffic, each SSL site would need a unique external IP number to NAT to a unique internal IP address to the server that terminates the website and contains the SSL certificate.  

A device that terminates SSL traffic, and layer-7 inspection like a Cisco CSS-11501 would be able to do what you're asking though.

0
 
LVL 28

Accepted Solution

by:
bgoering earned 500 total points
ID: 33570771
Take a look at MS application request routing
0
 

Author Closing Comment

by:justin0104
ID: 33688716
solution sucked and I figured it out myself.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Access point 6 60
Set up wireless network on Cisco ASA 5505 with DHCP 13 53
Firmware for ISR4321 Router 6 33
Connecting to CISCO 4402 WLC 3 11
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now