I have a customer who needed to set up some external services through to an internal machine – they have a Cisco ASA 5505 running the 8.2(1) firmware. The catch?
Their usable WAN IP was something like 220.127.116.11 and was assigned as the Cisco’s outside interface, with a 18.104.22.168 gateway on a /26 network – I figured there would be plenty of IPs in that range to use, but I couldn’t – none of them worked. After some time, I called the ISP and was told they had a second subnet of usable IP addresses – 22.214.171.124/29 – with a 126.96.36.199 gateway.
I did some quick Google-fu and found a number of answers, but none demonstrating how easy and simple it is. Hoping to make this easy for the next guy – here’s how you do it. If you provide a route to the second subnet, a static NAT entry and an access-list entry allowing that traffic, it’ll work just fine:
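route outside 188.8.131.52 255.255.255.248 184.108.40.206 1
! static PAT to a single inside host takes a host mask (255.255.255.255)
static (inside,outside) tcp 220.127.116.11 https 192.168.1.50 https netmask 255.255.255.255
access-list outside_in extended permit tcp any host 18.104.22.168 eq https
! the ACL is bound to the interface with access-group, not access-list
access-group outside_in in interface outside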
As soon as I entered these commands, the ASA began translating this traffic and life was good.
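
The three pieces listed above (route, static PAT, ACL entry bound to the interface) can be cross-checked offline against a saved configuration before exposing a service. This is an added example, not part of the original post: the addresses are constructed documentation ranges, `audit` is a hypothetical helper name, and it assumes 8.2-style syntax in which the ACL references the mapped (outside) address.

```python
import ipaddress
import re

# Constructed sample config (documentation addresses, not the post's values).
SAMPLE = """\
route outside 203.0.113.8 255.255.255.248 198.51.100.1 1
static (inside,outside) tcp 203.0.113.10 https 192.168.1.50 https netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.11 smtp 192.168.1.51 smtp netmask 255.255.255.255
access-list outside_in extended permit tcp any host 203.0.113.10 eq https
access-group outside_in in interface outside
"""

ACE = re.compile(r"access-list (\S+) extended permit tcp any host (\S+) eq (\S+)")

def audit(config, iface="outside"):
    """Return findings for TCP static PAT entries published on `iface`."""
    routes, statics, aces, bound = [], [], set(), set()
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["route", iface] and len(t) >= 5:
            routes.append(ipaddress.ip_network(f"{t[2]}/{t[3]}", strict=False))
        elif t[:1] == ["static"] and len(t) >= 7 and t[2] == "tcp" \
                and t[1].endswith(f",{iface})"):
            statics.append((t[3], t[4]))  # mapped IP, mapped port
        elif t[:1] == ["access-list"]:
            m = ACE.match(line.strip())
            if m:
                aces.add(m.groups())  # (acl name, host, port)
        elif t[:1] == ["access-group"] and t[2:] == ["in", "interface", iface]:
            bound.add(t[1])
    findings = []
    for ip, port in statics:
        # Assumes mapped addresses sit on a secondary subnet, as in the post.
        if not any(ipaddress.ip_address(ip) in net for net in routes):
            findings.append(f"{ip}: no route on {iface} covers the mapped address")
        acls = {name for name, host, p in aces if (host, p) == (ip, port)}
        if not acls:
            findings.append(f"{ip}:{port}: no ACL entry permits this service")
        elif not acls & bound:
            findings.append(f"{ip}:{port}: ACL {sorted(acls)[0]} is not bound with access-group")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The same check also shows which published services have no matching permit, which is useful when reviewing what an ASA actually exposes on its outside interface.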