Cisco ASA Multiple Public IP

Posted by KGDI on Server Fault
Published on 2012-09-10T10:51:38Z Indexed on 2012/09/10 15:40 UTC

I have a Cisco ASA5510, and articles related to ASA and multiple Public IP say this can't be done. My question is how to best solve a scenario like this:

I have 3 zones, Outside, Inside and DMZ

  • Outside is Internet
  • Inside is Client machines
  • DMZ is a zone for servers related to external and internal services.

My scenario is a bit more complex, but to keep things simple this will do:

I want to place an Exchange server and a web server (externally reachable in the DMZ zone)

The webserver uses both TCP80/443, the Exchange server uses 443

So to the problem: With the ASA only having one public IP, how would you make a DNAT to port 443 on both the internal hosts behind 1 Public IP? Usually, when I do this kind of scenario with Linux boxes I use alias interfaces like eth0:0, eth0:1 and set 1 Public IP on each.

To me this must be a pretty common scenario, any ideas on how to solve it with ASA?

/KGDI

© Server Fault or respective owner