Solved

Mapping a public IP and ports to inside address

Posted on 2014-09-12
3
566 Views
Last Modified: 2014-09-14
I have what I think is a simple setup and problem.  I have many internal servers, two of them are Lync and Exchange with private IP addresses on them.  How does one setup the ASA (5512) to allow the communication for two things:
1 some internal private IPs use the same hosts - so the ASA fails when you tell it to forward the same ports?
2 with port forwarding how to handling something like Lync that has about 20,000 ports needed to map to its inside?

Currently I have things like OWA working by forwarding port 443 to the correct private IP.  Obviously this a busy port and a issue.  In some places you can reassign HTTPS to another port but there has got to be a better way.

much appreciate of any help/guidance....
0
Comment
Question by:EckoForce_1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 40321218
Youre going to need more than 1 public ip address and do static 1-1 nat for lync and anything else that needs same port
Ike 443
0
 

Author Comment

by:EckoForce_1
ID: 40322199
I was hoping there was a better way.....so I cant have overlapping IPs on my ASA via interfaces, subinterfaces or contexts.....so how do I setup all these public IPs (which I do have).  Create static routes on the upstream router to point many public addresses to one?  My other options is getting a ASA-5505 for each IP - but that seems wasteful.
0
 

Author Comment

by:EckoForce_1
ID: 40322234
thanks for the guidance - I am going to use static NATs  - 1 public to 1 private and then allow my ports with ACLs....much easier that trying to port map!
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question