Solved

ASA5505 to route port 443 to 2 different IPs

Posted on 2013-10-23
Last Modified: 2013-10-27
Hi experts

I have a client with:
- only one IP address
- an ASA5505 in front
- 2 webservers on the inside

I need to direct all https / port 443 traffic to webserver #1, unless the traffic comes from a specific IP, then it needs to go to webserver #2.

Using a different port for server02 is not an option. Is this possible?

I tried this but it directs everything to #1 still:
static (inside,outside) tcp x.x.x.x https webserver2 https netmask 255.255.255.255
static (inside,outside) tcp interface https webserver1 https netmask 255.255.255.255
Question by:Sander123

Accepted Solution

by:
Henk van Achterberg earned 450 total points
and this?

object network webserver1
 host x.x.x.x

object network webserver2
 host x.x.x.x

object network special_ip
 host x.x.x.x

object service nat-https
 service tcp destination eq 443

nat (outside,inside) source static special_ip special_ip destination static interface webserver2 service nat-https nat-https unidirectional no-proxy-arp
nat (outside,inside) source static any any destination static interface webserver1 service nat-https nat-https unidirectional no-proxy-arp

access-list outside_access_in extended permit object nat-https object special_ip object webserver2
access-list outside_access_in extended permit object nat-https any object webserver1

I am doing this from head so if there is a syntax error please let me know!

P.S. You will need the ASA 9.x version to do this properly!
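
A way to check the rule order of the configuration above on an ASA running 8.3 or later, added here as an example and not part of any poster's reply. All addresses are constructed placeholders: 203.0.113.2 stands in for the outside interface IP, 198.51.100.10 for the host in object special_ip, and 192.0.2.77 for any other Internet client.

```cisco
! Added example; every IP address below is a constructed placeholder.
!   203.0.113.2   = ASA outside interface IP (assumption)
!   198.51.100.10 = host defined in object special_ip (assumption)
!   192.0.2.77    = any other Internet client (assumption)

! 1. Confirm rule order. Manual (twice) NAT rules are evaluated top-down
!    and the first match wins, so the special_ip rule must be listed
!    above the "any" rule or it will never be hit.
show running-config nat
show nat detail

! 2. Simulate an HTTPS connection from the special source.
!    In the UN-NAT phase the destination should be untranslated to
!    webserver2, and the final result should be "Action: allow".
packet-tracer input outside tcp 198.51.100.10 50000 203.0.113.2 443 detailed

! 3. Simulate the same connection from an unrelated source.
!    The UN-NAT phase should now untranslate to webserver1.
packet-tracer input outside tcp 192.0.2.77 50000 203.0.113.2 443 detailed

! 4. After real traffic has arrived, compare the per-rule counters.
!    A special_ip rule whose hit count stays at zero points to an
!    ordering problem or a wrong host in the object.
show nat detail
show access-list outside_access_in
```

If step 2 ends in a drop at the ACCESS-LIST phase, check that the access-list entries reference the real (inside) server addresses, as the ones above do.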

Author Comment

by:Sander123
Hi Henkva

Thanks, I probably should have mentioned this ASA is on fw 7.2(4).
I could try and upgrade to fw 9 but I'd rather have some other solution since the device is one of the older models so I don't know if it can handle fw 9.
Also it's on the other side of the country so if I can avoid spending 6 hours in the car I'd rather do that ;)

Is there no way to do this with firmware 7.2?

Thanks

Assisted Solution

by:mannyfernandez
mannyfernandez earned 50 total points
Sander123,

Sadly, I do not think there is a way to do this with the legacy code. Although the 9 train is preferred, you CAN do it on 8.3 and above.

Manny

Expert Comment

by:Henk van Achterberg
You will need 512MB RAM to run 8.3 though.