Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Asa5505 to route port 443 to 2 different IP's

Posted on 2013-10-23
4
Medium Priority
?
347 Views
Last Modified: 2013-10-27
Hi experts

I have a client with:
-  only one IP address  
- an ASA5505 in front
- 2 webservers on the inside

I need to direct all https / port 443 traffic to webserver #1, unless the traffice comes from a specific IP, then it needs to go to webserver #2.

using a different port for server02 is not an option. Is this possible?

I tried this but it directs everyting to #1 stil..:
static (inside,outside) tcp x.x.x.x https webserver2 https netmask 255.255.255.255
static (inside,outside) tcp interface https webserver1 https netmask 255.255.255.255
0
Comment
Question by:Sander123
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 1800 total points
ID: 39595654
and this?

object network webserver1
 host x.x.x.x

object network webserver2
 host x.x.x.x

object network special_ip
 host x.x.x.x

object service nat-https
 service tcp destination eq 443

nat (outside,inside) source static special_ip special_ip destination static interface webserver2 service nat-https nat-https unidirectional no-proxy-arp
nat (outside,inside) source static any any destination static interface webserver1 service nat-https nat-https unidirectional no-proxy-arp

access-list outside_access_in extended permit object nat-https object special_ip object webserver2
access-list outside_access_in extended permit object nat-https any object webserver1

I am doing this from head so if there is a syntax error please let me know!

P.S. You will need the ASA 9.x version to do this properly!
0
 

Author Comment

by:Sander123
ID: 39596682
Hi Henkva

txs, I prob should have mentioned this ASA is on fw 7.2(4) .
I could try and upgrade to fw 9 but i'd rather have some other solution since the device is one of the older models so i don't know if it can handle fw 9..
Also it's on the other side of the country so if i can avoid spending 6 hours in the car i'd rather do that ;)

Is there no way to do this with firmware 7.2?

Thanks
0
 
LVL 2

Assisted Solution

by:mannyfernandez
mannyfernandez earned 200 total points
ID: 39596824
Sander23,

Sadly, I do not think there is  way to do this with the legacy code.  Although the 9 train is preferred though, you CAN do it on 8.3 and above.

Manny
0
 
LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39596838
You will need 512MB RAM to run 8.3 though.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question