


Okay, this was my dilemma and I couldn’t google this one to find a solution. I had to resort to calling the Cisco Gurus themselves.
This was the issue:
Client has an outside IP of 70.X.X.X and an internal IIS server of 192.X.X.100. They host an internal site that all within the 192 network can access.
Now they wanted me to help them allow outside access to the IIS server and access the site via the web using https, or as follows: https://70.X.X.X/web.
I created a static NAT using the https ports and I couldn’t get anywhere. I tried different things and nuffin! Ahhhhhh!
Called Cisco TAC (Technical Access Center)! This is what I was sent from the tech, who in my opinion rocks. As soon as I followed his instructions it worked perfectly!
This is it:
“Looks like we are missing a line.
The line you require is the following:
access-list outside_access_in line 1 extended permit tcp any host 70.X.X.X eq 443
That line will use the next 2 lines described below to allow access on port 443 to the server with the IP = 192.X.X.100 if connection to the server is attempted from the Internet using IP = 70.X.X.X as the destination address.
static (inside,outside) tcp interface https 192.X.X.100 https netmask 255.255.255.255
interface Vlan2
 ip address 70.X.X.X 255.255.255.X
These last 2 lines are already part of the ASA current configuration so you don’t need to enter them.”
That was it… simple, but it works!
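An added example (not from the original post or from Cisco TAC): a small Python check for the situation described above, where a static port forward exists in the ASA config but the inbound ACL has no matching permit. The sample config, its addresses, and the `nameif` and `access-group` lines are constructed assumptions, and only ACEs of the form `permit tcp any host <ip> eq <port>` are recognized.

```python
import re

# ASA shows well-known ports by name in the config; only a few are mapped here.
PORT_NAMES = {"https": 443, "www": 80, "ssh": 22, "smtp": 25}

def port(tok):
    return PORT_NAMES.get(tok) or int(tok)

def unreachable_forwards(config):
    """List (real_ip, outside_port) for static PATs on the outside interface
    address that the ACL bound inbound on 'outside' does not permit."""
    nameif = outside_ip = bound_acl = None
    forwards, permits = [], set()
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            nameif = None                      # new interface stanza
        elif m := re.match(r"nameif (\S+)", line):
            nameif = m.group(1)
        elif (m := re.match(r"ip address (\S+) \S+", line)) and nameif == "outside":
            outside_ip = m.group(1)
        elif m := re.match(r"access-group (\S+) in interface outside", line):
            bound_acl = m.group(1)
        elif m := re.match(r"static \(inside,outside\) tcp interface (\S+) (\S+) \S+", line):
            forwards.append((m.group(2), port(m.group(1))))
        elif m := re.match(r"access-list (\S+)(?: line \d+)? extended permit tcp any host (\S+) eq (\S+)", line):
            permits.add((m.group(1), m.group(2), port(m.group(3))))
    return [f for f in forwards if (bound_acl, outside_ip, f[1]) not in permits]

# Constructed sample config (documentation addresses, not the client's).
SAMPLE = """\
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.10 255.255.255.248
access-list outside_access_in extended permit tcp any host 203.0.113.10 eq www
access-group outside_access_in in interface outside
static (inside,outside) tcp interface https 192.168.1.100 https netmask 255.255.255.255
"""
# The kind of line TAC supplied, with the constructed outside address.
FIX = "access-list outside_access_in line 1 extended permit tcp any host 203.0.113.10 eq 443\n"

if __name__ == "__main__":
    print(unreachable_forwards(SAMPLE))        # forward with no matching permit
    print(unreachable_forwards(FIX + SAMPLE))  # after adding the permit line
```

The same check also flags a forward whose permit exists in an ACL that is not bound to the outside interface, which produces the same symptom.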











