Solved

Multiple Gateways on ASA 5505

Posted on 2012-03-09
Last Modified: 2012-03-12
We have a server inside our network that we want to port forward port 80 and 443 to.  When I try to forward port 443 I get this error:

static (inside,outside) tcp interface https 10.9.1.20 https netmask 255.255.255.255
ERROR: unable to reserve port 443 for static PAT
ERROR: unable to download policy

I assume that is because the ASA needs port 443 for the web config.  Is there a way to change this?

Failing that, our ISP has provided us a second IP but it has a different default gateway than the first IP.  How do I configure the ASA to port forward the second IP to our server internally?

I'm using version Cisco Adaptive Security Appliance Software Version 8.2(1)18 and Device Manager Version 6.2(1).

Thank you.
Question by:Keeran Networks
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 250 total points
ID: 37702869
I would use the second IP before changing the SSL VPN port.

static (inside,outside) tcp <second IP> https 10.9.1.20 https netmask 255.255.255.255

You need to permit the HTTPS traffic to the second IP in your outside access-list as well.
LVL 15

Accepted Solution

by:
max_the_king earned 250 total points
ID: 37704913
Hi, should you want to choose your 1st option, you can do the following:

To change the listening port for ASDM, use the port argument of the http server enable command. For example you may use HTTPS ASDM sessions on port 444 on the outside interface. With this configuration, remote users initiate ASDM sessions by entering https://<outside_ip>:444 in the browser.

ASA(config)# http server enable 444

After you have done this, you'll be able to reserve port 443 for static PAT and you should no longer have the error you mentioned.

Then, of course, I guess you already have the access-list to get to your https server.

Hope this helps
max
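
A pre-change check covering both answers above, as an added example that is not part of the thread or any Cisco tool: it scans an ASA 8.2-style config for a static PAT on `interface` that collides with the `http server enable` port, and for forwarded addresses with no matching permit. The sample config is constructed; `203.0.113.10` stands in for `<second IP>`, the ACL name `outside_in` is hypothetical, and 443 is assumed as the default ASDM port.

```python
import re

# Constructed sample (ASA 8.2-style syntax as used in the thread);
# 203.0.113.10 is a placeholder for the "<second IP>" in the answer.
SAMPLE_CONFIG = """\
http server enable
http 0.0.0.0 0.0.0.0 outside
access-list outside_in extended permit tcp any host 203.0.113.10 eq https
static (inside,outside) tcp interface https 10.9.1.20 https netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 https 10.9.1.20 https netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 www 10.9.1.20 www netmask 255.255.255.255
access-group outside_in in interface outside
"""

# Only the named ports used on this page; extend for others.
PORT_NAMES = {"https": 443, "www": 80, "http": 80}

def port_num(tok):
    return PORT_NAMES.get(tok) or int(tok)

def audit(config):
    """Return findings for static PAT entries in an ASA 8.2-style config."""
    mgmt_port = None                 # ASDM HTTPS listener port, if enabled
    statics, permits = [], set()
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"http server enable(?: (\d+))?$", line)
        if m:
            mgmt_port = int(m.group(1) or 443)   # no argument: default 443
        m = re.match(r"static \(\w+,\w+\) tcp (\S+) (\S+) \S+ \S+", line)
        if m:
            statics.append((m.group(1), port_num(m.group(2))))
        m = re.match(r"access-list \S+ extended permit tcp any host (\S+) eq (\S+)$", line)
        if m:
            permits.add((m.group(1), port_num(m.group(2))))
    findings = []
    for addr, port in statics:
        if addr == "interface" and port == mgmt_port:
            findings.append(f"conflict: static PAT on interface port {port} "
                            f"collides with 'http server enable' port {mgmt_port}")
        elif addr != "interface" and (addr, port) not in permits:
            # Permit check is limited to explicit host addresses.
            findings.append(f"no permit: {addr} tcp/{port} is forwarded but not in any access-list")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```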
Author Comment

by:Keeran Networks
ID: 37711821
Thanks guys.  Both answers worked!