Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

cisco asa pass same port to two different servers

Posted on 2014-12-09
3
Medium Priority
?
191 Views
Last Modified: 2014-12-09
I am working on transitioning from an exchange 2007 server to an exchange 2013 server and have routed email to the new server by changing my asa port forwarding to the new ip address.

However during this transition process I need outside access to the old legacy server also for OWA. Thus I need port 443 to be able to forward to both the old exchange and the new exchange server as the owa process currently is going to the new server and it is passing it on to the legacy server when the mailbox is on the old server.

This process works perfectly fine inside the network but from the outside the legacy server can not be seen.

I added the 443 rules again for the legacy server and got a warning in the nat rules about overlapping.

Bottom line is it still does not work from the outside but works fine from the inside.

So how to a get a Cisco ASA 5505 to be able to pass 443 traffic based on server name etc.

Thanks!
0
Comment
Question by:dpcsit
  • 2
3 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 40489212
You can't. what you need is a box able to direct traffic based on some arbitrary content (SNI might work) and an ASA isn't anywhere near advanced enough to do that.  You are more probably looking at some sort of content load balancing, so should (probably) pass it though to a box that can do that.  There are commercial load balancers that can do this for you, or if you are looking for something free (given its a short-term need) you could pass the 443 traffic to a webserver (such as apache with mod_proxy) and use name based virtual hosting to direct the traffic at the back end to the appropriate internal host based on inbound name.
0
 
LVL 1

Author Closing Comment

by:dpcsit
ID: 40489330
Answered my question of how!
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40489369
do give apache+mod_proxy a try though. you should be able to run that on windows, and pass the traffic selectively to your two OWS boxes depending on hostname.
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question