Solved

Mapping a public IP and ports to inside address

Posted on 2014-09-12
3
542 Views
Last Modified: 2014-09-14
I have what I think is a simple setup and problem.  I have many internal servers, two of them are Lync and Exchange with private IP addresses on them.  How does one setup the ASA (5512) to allow the communication for two things:
1 some internal private IPs use the same hosts - so the ASA fails when you tell it to forward the same ports?
2 with port forwarding how to handling something like Lync that has about 20,000 ports needed to map to its inside?

Currently I have things like OWA working by forwarding port 443 to the correct private IP.  Obviously this a busy port and a issue.  In some places you can reassign HTTPS to another port but there has got to be a better way.

much appreciate of any help/guidance....
0
Comment
Question by:EckoForce_1
  • 2
3 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 40321218
Youre going to need more than 1 public ip address and do static 1-1 nat for lync and anything else that needs same port
Ike 443
0
 

Author Comment

by:EckoForce_1
ID: 40322199
I was hoping there was a better way.....so I cant have overlapping IPs on my ASA via interfaces, subinterfaces or contexts.....so how do I setup all these public IPs (which I do have).  Create static routes on the upstream router to point many public addresses to one?  My other options is getting a ASA-5505 for each IP - but that seems wasteful.
0
 

Author Comment

by:EckoForce_1
ID: 40322234
thanks for the guidance - I am going to use static NATs  - 1 public to 1 private and then allow my ports with ACLs....much easier that trying to port map!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now