Solved

Mapping a public IP and ports to inside address

Posted on 2014-09-12
3
539 Views
Last Modified: 2014-09-14
I have what I think is a simple setup and problem.  I have many internal servers, two of them are Lync and Exchange with private IP addresses on them.  How does one setup the ASA (5512) to allow the communication for two things:
1 some internal private IPs use the same hosts - so the ASA fails when you tell it to forward the same ports?
2 with port forwarding how to handling something like Lync that has about 20,000 ports needed to map to its inside?

Currently I have things like OWA working by forwarding port 443 to the correct private IP.  Obviously this a busy port and a issue.  In some places you can reassign HTTPS to another port but there has got to be a better way.

much appreciate of any help/guidance....
0
Comment
Question by:EckoForce_1
  • 2
3 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 40321218
Youre going to need more than 1 public ip address and do static 1-1 nat for lync and anything else that needs same port
Ike 443
0
 

Author Comment

by:EckoForce_1
ID: 40322199
I was hoping there was a better way.....so I cant have overlapping IPs on my ASA via interfaces, subinterfaces or contexts.....so how do I setup all these public IPs (which I do have).  Create static routes on the upstream router to point many public addresses to one?  My other options is getting a ASA-5505 for each IP - but that seems wasteful.
0
 

Author Comment

by:EckoForce_1
ID: 40322234
thanks for the guidance - I am going to use static NATs  - 1 public to 1 private and then allow my ports with ACLs....much easier that trying to port map!
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now