Solved

cisco asa pass same port to two different servers

Posted on 2014-12-09
3
188 Views
Last Modified: 2014-12-09
I am working on transitioning from an exchange 2007 server to an exchange 2013 server and have routed email to the new server by changing my asa port forwarding to the new ip address.

However during this transition process I need outside access to the old legacy server also for OWA. Thus I need port 443 to be able to forward to both the old exchange and the new exchange server as the owa process currently is going to the new server and it is passing it on to the legacy server when the mailbox is on the old server.

This process works perfectly fine inside the network but from the outside the legacy server can not be seen.

I added the 443 rules again for the legacy server and got a warning in the nat rules about overlapping.

Bottom line is it still does not work from the outside but works fine from the inside.

So how to a get a Cisco ASA 5505 to be able to pass 443 traffic based on server name etc.

Thanks!
0
Comment
Question by:dpcsit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 40489212
You can't. what you need is a box able to direct traffic based on some arbitrary content (SNI might work) and an ASA isn't anywhere near advanced enough to do that.  You are more probably looking at some sort of content load balancing, so should (probably) pass it though to a box that can do that.  There are commercial load balancers that can do this for you, or if you are looking for something free (given its a short-term need) you could pass the 443 traffic to a webserver (such as apache with mod_proxy) and use name based virtual hosting to direct the traffic at the back end to the appropriate internal host based on inbound name.
0
 
LVL 1

Author Closing Comment

by:dpcsit
ID: 40489330
Answered my question of how!
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40489369
do give apache+mod_proxy a try though. you should be able to run that on windows, and pass the traffic selectively to your two OWS boxes depending on hostname.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month9 days, 6 hours left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question