cisco asa pass same port to two different servers

Posted on 2014-12-09
Medium Priority
Last Modified: 2014-12-09
I am working on transitioning from an exchange 2007 server to an exchange 2013 server and have routed email to the new server by changing my asa port forwarding to the new ip address.

However during this transition process I need outside access to the old legacy server also for OWA. Thus I need port 443 to be able to forward to both the old exchange and the new exchange server as the owa process currently is going to the new server and it is passing it on to the legacy server when the mailbox is on the old server.

This process works perfectly fine inside the network but from the outside the legacy server can not be seen.

I added the 443 rules again for the legacy server and got a warning in the nat rules about overlapping.

Bottom line is it still does not work from the outside but works fine from the inside.

So how to a get a Cisco ASA 5505 to be able to pass 443 traffic based on server name etc.

Question by:dpcsit
  • 2
LVL 33

Accepted Solution

Dave Howe earned 2000 total points
ID: 40489212
You can't. what you need is a box able to direct traffic based on some arbitrary content (SNI might work) and an ASA isn't anywhere near advanced enough to do that.  You are more probably looking at some sort of content load balancing, so should (probably) pass it though to a box that can do that.  There are commercial load balancers that can do this for you, or if you are looking for something free (given its a short-term need) you could pass the 443 traffic to a webserver (such as apache with mod_proxy) and use name based virtual hosting to direct the traffic at the back end to the appropriate internal host based on inbound name.

Author Closing Comment

ID: 40489330
Answered my question of how!
LVL 33

Expert Comment

by:Dave Howe
ID: 40489369
do give apache+mod_proxy a try though. you should be able to run that on windows, and pass the traffic selectively to your two OWS boxes depending on hostname.

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Watch the video to learn how one can deal with PST file corruption issue with an outstanding Kernel for Outlook PST Repair Tool easily. Using this tool, non-technical users can swiftly perform the repair process to restore their essential data witho…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question