Solved

Multiple Gateways on ASA 5505

Posted on 2012-03-09
3
1,062 Views
Last Modified: 2012-03-12
We have a server inside our network that we want to port forward port 80 and 443 to.  When I try to forward port 443 I get this error:

static (inside,outside) tcp interface https 10.9.1.20 https netmask 255.255.255.255
ERROR: unable to reserve port 443 for static PAT
ERROR: unable to download policy

I assume that is because the ASA needs port 443 for the web config.  Is there a way to change this?

Failing that, our ISP has provided us a second IP but it has a different default gateway than the first IP.  How do I configure the ASA to port forward the second IP to our server internally?

I'm using version Cisco Adaptive Security Appliance Software Version 8.2(1)18 and Device Manager Version 6.2(1).

Thank you.
0
Comment
Question by:Keeran Networks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 250 total points
ID: 37702869
I would use the second IP before changing the SSL VPN port.

static (inside,outside) tcp <second IP> https 10.9.1.20 https netmask 255.255.255.255

You need to permit the HTTPS traffic to the second IP in your outside access-list as well.
0
 
LVL 16

Accepted Solution

by:
max_the_king earned 250 total points
ID: 37704913
Hi, should you want to choose your 1st option, you can do the following:

To change the listening port for ASDM, use the port argument of the http server enable command. For example you may use HTTPS ASDM sessions on port 444 on the outside interface. With this configuration, remote users initiate ASDM sessions by entering https://<outside_ip>:444 in the browser.

ASA(config)# http server enable 444

after you have done this, you'll be able to reserve port 443 for static PAT and you should no longer have the error you mentioned.

then, of course, I guess you already have the access-list to get to your https server

hope this helps
max
0
 

Author Comment

by:Keeran Networks
ID: 37711821
Thanks guys.  Both answers worked!
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question