• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1121
  • Last Modified:

Multiple Gateways on ASA 5505

We have a server inside our network that we want to port forward port 80 and 443 to.  When I try to forward port 443 I get this error:

static (inside,outside) tcp interface https 10.9.1.20 https netmask 255.255.255.255
ERROR: unable to reserve port 443 for static PAT
ERROR: unable to download policy

I assume that is because the ASA needs port 443 for the web config.  Is there a way to change this?

Failing that, our ISP has provided us a second IP but it has a different default gateway than the first IP.  How do I configure the ASA to port forward the second IP to our server internally?

I'm using version Cisco Adaptive Security Appliance Software Version 8.2(1)18 and Device Manager Version 6.2(1).

Thank you.
0
Keeran Networks
Asked:
Keeran Networks
2 Solutions
 
JFrederick29Commented:
I would use the second IP before changing the SSL VPN port.

static (inside,outside) tcp <second IP> https 10.9.1.20 https netmask 255.255.255.255

You need to permit the HTTPS traffic to the second IP in your outside access-list as well.
0
 
max_the_kingCommented:
Hi, should you want to choose your 1st option, you can do the following:

To change the listening port for ASDM, use the port argument of the http server enable command. For example you may use HTTPS ASDM sessions on port 444 on the outside interface. With this configuration, remote users initiate ASDM sessions by entering https://<outside_ip>:444 in the browser.

ASA(config)# http server enable 444

after you have done this, you'll be able to reserve port 443 for static PAT and you should no longer have the error you mentioned.

then, of course, I guess you already have the access-list to get to your https server

hope this helps
max
0
 
Keeran NetworksAuthor Commented:
Thanks guys.  Both answers worked!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now