Simple ASA 5510 NAT Question
Posted on 2012-08-14
Right now we have an internal server that is accessed through a Proxy Server.
The proxy server has 2 network cards. 1 of them has an external IP address of 12.xxx.xxx.xxx that we own and is attached directly to our outside switch. The other network card has an internal address of 18.104.22.168 and it forwards traffic requests from the outside world onto another server with an address of 22.214.171.124. This connection uses port 443 (HTTPS).
We are looking to remove this proxy server from the setup and just utilize NAT with our ASA 5510 firewall instead.
So I did the following:
---Create Static Nat Rule
object network obj-126.96.36.199
nat (INSIDE, OUTSIDE) static 12.xxx.xxx.xxx
---Create ACL Rules
access-list INSIDE_access_out extended permit tcp host 12.xxx.xxx.xxx any eq https
access-list OUTSIDE_access_in extended permit tcp any host 188.8.131.52 eq https
I assumed that this would take care of it, so I unplugged the Ethernet cable from the outside switch coming from the proxy server and waited for the traffic to start switching over to the ASA, but this never happened. I waited for about an hour and it never started working, so I eventually had to plug the proxy back in.
Is there something else that I am missing here? I thought that was all that was needed.