Multiple IP's - Routing to internal hosts

Hello all -
First time posting - Hope I am following all the rules.

I have a Cisco ASA 5505 as a router at a small business. The customer has multiple WAN IPs available. I need to forward ports from one IP to one internal host and from another WAN IP to another internal host. I've attached the config. Here is what I want to happen.

443 on 192.168.2.2 to forward to 10.14.4.2
443 on 192.168.2.3 to forward to 10.14.4.3

Thanks in advance for any help you can provide.

-Orr
ASA5505-LCF--1-.txt
Asked by OrrMinnesota

arnold commented:
You would not use interface
nat (inside,outside) tcp 192.168.2.2 443 10.14.4.2 443 netmask 255.255.255.255

Not sure how you manage the multiple WANs as it does not appear that the ASA is the device on which the WANs terminate.

OrrMinnesota (Author) commented:
Thanks for the reply Arnold.

I'm not sure what you mean. Our ISP is a cable provider and they have given us a range of WAN IPs. In this example 192.168.2.2-4.

All traffic shows up from .2 (whatismyip.com) and inbound to .2 NAT'ing to internal host is working fine.

I am trying to get traffic that is addressed to .3 (a DNS A record) on 443 routed to a separate internal host.

Hope I am describing this properly as routing and switching is not my area of expertise.

Again thanks for the time.

-Orr

btassure commented:
Hi, I think this has been confused a little. The first part of what Arnold said is correct, just replace the NAT entries you already have with something more like:

static (inside,outside) tcp 192.168.2.3 443 10.14.4.3 443 netmask 255.255.255.255

And add the corresponding traffic to your inbound ACL rule:

access-list outside_access_in extended permit tcp any host 192.168.2.3 eq https

I would suggest you create objects and name them for these things though, it makes it much easier to see what's happening in the config and in ASDM.

Are you using ASDM to configure the 5505?
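
An offline check for the pairing described in the answer above, where each static port forward needs a matching permit in the outside ACL (added example, not code from this thread). The sample config is constructed from the thread's addresses and assumes the pre-8.3 static syntax shown above; the audit function and its result keys are hypothetical names.

```python
import re

# Constructed sample: .2 is forwarded and permitted, .3 is forwarded but has
# no ACL permit, and .4 is permitted but has no static entry behind it.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 192.168.2.2 443 10.14.4.2 443 netmask 255.255.255.255
static (inside,outside) tcp 192.168.2.3 443 10.14.4.3 443 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 192.168.2.2 eq https
access-list outside_access_in extended permit tcp any host 192.168.2.4 eq https
"""

# The ASA prints some well-known ports by name, so normalise before comparing.
PORT_NAMES = {"https": "443", "www": "80", "ssh": "22", "smtp": "25"}

STATIC_RE = re.compile(
    r"^static \((\S+),(\S+)\) tcp (\S+) (\S+) (\S+) (\S+) netmask 255\.255\.255\.255")
ACL_RE = re.compile(
    r"^access-list (\S+) extended permit tcp any host (\S+) eq (\S+)")


def port(token):
    """Return the port as a numeric string, translating known names."""
    return PORT_NAMES.get(token, token)


def audit(config, acl_name="outside_access_in"):
    """Compare static port forwards against permits in the inbound ACL."""
    statics, permits = {}, set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            _real_if, _mapped_if, pub, pub_port, priv, priv_port = m.groups()
            statics[(pub, port(pub_port))] = (priv, port(priv_port))
        elif (m := ACL_RE.match(line)) and m.group(1) == acl_name:
            permits.add((m.group(2), port(m.group(3))))
    return {
        # Reachable from outside: translation and permit both present.
        "forwarded": {k: v for k, v in statics.items() if k in permits},
        # Translation exists but the ACL drops the traffic.
        "blocked_by_acl": sorted(k for k in statics if k not in permits),
        # Stale or mistyped permits with nothing translated behind them.
        "permit_without_static": sorted(permits - set(statics)),
        # Entries tied to the interface address rather than a specific WAN IP.
        "uses_interface": sorted(k for k in statics if k[0] == "interface"),
    }


if __name__ == "__main__":
    for finding, entries in audit(SAMPLE_CONFIG).items():
        print(finding, entries)
```
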

arnold commented:
The other part: you need to change the outside map, i.e. traffic originating from 10.14.2.2 443 will be seen as coming from 192.168.2.2, while the same response from 10.14.2.3 443 will be seen from 192.168.2.3.

Is that what you are asking about?

OrrMinnesota (Author) commented:
Thanks all - I did not get a chance to test although I appreciate the feedback and will reference if needed.  Customer ended up going in a direction that did not require the question or solution.  In the future I will attempt to be more clear.  Thanks again for those  that took the time to answer.