https://community.cisco.com/t5/network-security/asa-5510-not-allowing-some-https-traffic/m-p/2605284#M202040 <P>I have 2 ASA 5510's in a failover bundle. &nbsp;I have a weird issue right now, where a site (https) is apparently getting blocked behind the firewall. &nbsp;If I browse to the site, it just spins, then says the page could not be displayed. &nbsp;I can ping the IP address, and I can browse to the http version of the page, but I cannot browse to the https site. &nbsp;If I plug into the DMZ on the outside of the firewall, I can see the page no problem. There is something in the ASA that is blocking it. &nbsp;We certainly allow 443 out, and use https heavily, all the time. &nbsp;It's just this one site, which is weird, because I know ASA's don't do deep packet inspection. &nbsp;Can anyone think of what would be causing this?</P> Tue, 12 Mar 2019 05:14:45 GMT Jake Pratt 2019-03-12T05:14:45Z https://community.cisco.com/t5/network-security/asa-5510-not-allowing-some-https-traffic/m-p/2605284#M202040 <P>I have 2 ASA 5510's in a failover bundle. &nbsp;I have a weird issue right now, where a site (https) is apparently getting blocked behind the firewall. &nbsp;If I browse to the site, it just spins, then says the page could not be displayed. &nbsp;I can ping the IP address, and I can browse to the http version of the page, but I cannot browse to the https site. &nbsp;If I plug into the DMZ on the outside of the firewall, I can see the page no problem. There is something in the ASA that is blocking it. &nbsp;We certainly allow 443 out, and use https heavily, all the time. &nbsp;It's just this one site, which is weird, because I know ASA's don't do deep packet inspection. &nbsp;Can anyone think of what would be causing this?</P> Tue, 12 Mar 2019 05:14:45 GMT https://community.cisco.com/t5/network-security/asa-5510-not-allowing-some-https-traffic/m-p/2605284#M202040 Jake Pratt 2019-03-12T05:14:45Z https://community.cisco.com/t5/network-security/asa-5510-not-allowing-some-https-traffic/m-p/2605285#M202041 <P>Well, we figured this out. &nbsp;It actually wasn't the firewall. &nbsp;It was DNS resolution. &nbsp;This particular site's DNS was all messed up. &nbsp;When I was on the DMZ, I changed to another DNS server, which hadn't updated yet. &nbsp;External DNS tests were all returning either no records or just the generic Network Solutions IP, which would give you a landing page. &nbsp;We used the hosts file to get around it until they fixed their DNS pointers.&nbsp;</P> Thu, 18 Dec 2014 19:35:04 GMT https://community.cisco.com/t5/network-security/asa-5510-not-allowing-some-https-traffic/m-p/2605285#M202041 Jake Pratt 2014-12-18T19:35:04Z