I only have rudimentary knowledge of Cisco ASAs, so my expectation is that I have a simple task that's being complicated by my lack of experience.
We have an in-house ERP system that contains an employee access portal. The portal runs on an IIS 7 instance on a dedicated internal Windows server. I have the portal set up, and can access it internally from a browser via http://ServerName:5058/sites/portalsite. The site uses Windows Authentication (Active Directory) for access.
This has served us well, but now a request has come down to make this site accessible to our remote sales force. They do not wish to use their VPNs to access the site, so I will need to make it accessible from the outside world. From my reading, my ultimate configuration will utilize a forward-facing web server and a RODC on a DMZ, which, after authentication, pass the requests in to our internal portal server.
Unfortunately, I don't have the funding allocated in this year's budget for the additional server licensing. I can request it, but before I do so, my manager wants a 'proof of concept'. They will have the sales team test accessing the site remotely, and if things go well, I will 'redo' the solution the 'correct' way.
So... this leads me to my question. I understand that this won't be a solution that any security-minded network admin would sign off on, but can someone assist me in setting up rules in my current ASA 5505 to route external requests to an IP to the internal web server's portal site?
I have a dedicated IP address for the site (we have a block of 16 IPs). I've been reading up on NATing traffic with the ASA, but I'm either doing the rule wrong, or I'm misunderstanding the concept.