Multiple Gateways on ASA 5505

We have a server inside our network that we want to port forward port 80 and 443 to.  When I try to forward port 443 I get this error:

static (inside,outside) tcp interface https 10.9.1.20 https netmask 255.255.255.255
ERROR: unable to reserve port 443 for static PAT
ERROR: unable to download policy

I assume that is because the ASA needs port 443 for the web config.  Is there a way to change this?

Failing that, our ISP has provided us a second IP but it has a different default gateway than the first IP.  How do I configure the ASA to port forward the second IP to our server internally?

I'm using version Cisco Adaptive Security Appliance Software Version 8.2(1)18 and Device Manager Version 6.2(1).

Thank you.
Keeran NetworksAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JFrederick29Commented:
I would use the second IP before changing the SSL VPN port.

static (inside,outside) tcp <second IP> https 10.9.1.20 https netmask 255.255.255.255

You need to permit the HTTPS traffic to the second IP in your outside access-list as well.
0
max_the_kingCommented:
Hi, should you want to choose your 1st option, you can do the following:

To change the listening port for ASDM, use the port argument of the http server enable command. For example you may use HTTPS ASDM sessions on port 444 on the outside interface. With this configuration, remote users initiate ASDM sessions by entering https://<outside_ip>:444 in the browser.

ASA(config)# http server enable 444

after you have done this, you'll be able to reserve port 443 for static PAT and you should no longer have the error you mentioned.

then, of course, I guess you already have the access-list to get to your https server

hope this helps
max
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Keeran NetworksAuthor Commented:
Thanks guys.  Both answers worked!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.