[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Multiple Gateways on ASA 5505

Posted on 2012-03-09
3
Medium Priority
?
1,088 Views
Last Modified: 2012-03-12
We have a server inside our network that we want to port forward port 80 and 443 to.  When I try to forward port 443 I get this error:

static (inside,outside) tcp interface https 10.9.1.20 https netmask 255.255.255.255
ERROR: unable to reserve port 443 for static PAT
ERROR: unable to download policy

I assume that is because the ASA needs port 443 for the web config.  Is there a way to change this?

Failing that, our ISP has provided us a second IP but it has a different default gateway than the first IP.  How do I configure the ASA to port forward the second IP to our server internally?

I'm using version Cisco Adaptive Security Appliance Software Version 8.2(1)18 and Device Manager Version 6.2(1).

Thank you.
0
Comment
Question by:Keeran Networks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 1000 total points
ID: 37702869
I would use the second IP before changing the SSL VPN port.

static (inside,outside) tcp <second IP> https 10.9.1.20 https netmask 255.255.255.255

You need to permit the HTTPS traffic to the second IP in your outside access-list as well.
0
 
LVL 17

Accepted Solution

by:
max_the_king earned 1000 total points
ID: 37704913
Hi, should you want to choose your 1st option, you can do the following:

To change the listening port for ASDM, use the port argument of the http server enable command. For example you may use HTTPS ASDM sessions on port 444 on the outside interface. With this configuration, remote users initiate ASDM sessions by entering https://<outside_ip>:444 in the browser.

ASA(config)# http server enable 444

after you have done this, you'll be able to reserve port 443 for static PAT and you should no longer have the error you mentioned.

then, of course, I guess you already have the access-list to get to your https server

hope this helps
max
0
 

Author Comment

by:Keeran Networks
ID: 37711821
Thanks guys.  Both answers worked!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a computer or other electronic gear that is attached to a rat nest of cables, or alternatively have your cables all bundled nice at neat?  If so then read this post to sidstep common pitfalls. When I was a student at DeVry University,…
This article will step through configuring a SonicWALL appliance to utilize an internal DHCP server for Global VPN Client (GVC) hosts.  There are times when using an external (external to the SonicWALL) DHCP server, such as Windows Servers, isn’t pr…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question