https://community.cisco.com/t5/network-security/cisco-asa-rely-http-port-to-https-without-using-cname-dns-record/m-p/2536628#M237244 <P>Then you need to find a different solution...you might want to look at solutions such as clientless SSL VPN, Citrix, or similar.</P><P>--</P><P>Please remember to select a correct answer and rate helpful posts</P> Thu, 26 Jun 2014 06:36:50 GMT Marius Gunnerud 2014-06-26T06:36:50Z https://community.cisco.com/t5/network-security/cisco-asa-rely-http-port-to-https-without-using-cname-dns-record/m-p/2536622#M237235 <P>Hi all,</P><P>could anyone tell me Is it possible to configure ASA so when customer rely <STRONG>http://</STRONG>domain.com Cisco ASA rely to <STRONG>https://</STRONG>domain.com (it's similar with CName function of domain record).</P><P>P.S. resource of domain.com located behind ASA and DNS A-record rely on public ASA ip address</P><P>Thank you.</P> Tue, 12 Mar 2019 04:22:27 GMT https://community.cisco.com/t5/network-security/cisco-asa-rely-http-port-to-https-without-using-cname-dns-record/m-p/2536622#M237235 Vadim Semenov 2019-03-12T04:22:27Z https://community.cisco.com/t5/network-security/cisco-asa-rely-http-port-to-https-without-using-cname-dns-record/m-p/2536623#M237238 <P>The ASA can not do this redirect based on URL/FQDN.&nbsp; You would need to find another way of doing it.</P><P>--</P><P>Please remember to select a correct answer and rate helpful posts</P> Wed, 25 Jun 2014 10:26:17 GMT https://community.cisco.com/t5/network-security/cisco-asa-rely-http-port-to-https-without-using-cname-dns-record/m-p/2536623#M237238 Marius Gunnerud 2014-06-25T10:26:17Z https://community.cisco.com/t5/network-security/cisco-asa-rely-http-port-to-https-without-using-cname-dns-record/m-p/2536624#M237239 <P>What version ASA are you running?</P><P>If the server has both static public and private IPs you could use NAT to redirect HTTP traffic to HTTPS based on IP.</P><P><STRONG>object network PUBLIC_IP<BR />&nbsp; host 1.1.1.1</STRONG></P><P><STRONG>object network REAL_IP<BR />&nbsp; host 2.2.2.2<BR />&nbsp; nat (inside,outside) static PUBLIC_IP http https</STRONG></P><P>Keep in mind that you will also need a NAT statement that maintains https to the server.</P><P>--</P><P>Please remember to select a correct answer and rate helpful posts</P> Wed, 25 Jun 2014 10:42:50 GMT https://community.cisco.com/t5/network-security/cisco-asa-rely-http-port-to-https-without-using-cname-dns-record/m-p/2536624#M237239 Marius Gunnerud 2014-06-25T10:42:50Z https://community.cisco.com/t5/network-security/cisco-asa-rely-http-port-to-https-without-using-cname-dns-record/m-p/2536625#M237241 <P>Hello, Marius,</P><P>thank you for your reply. I understand that we should find another way of doing it.</P><P>From your example follow what server must work with http protocol and after ASA it will be already https protocol?</P> Thu, 26 Jun 2014 06:04:31 GMT https://community.cisco.com/t5/network-security/cisco-asa-rely-http-port-to-https-without-using-cname-dns-record/m-p/2536625#M237241 Vadim Semenov 2014-06-26T06:04:31Z https://community.cisco.com/t5/network-security/cisco-asa-rely-http-port-to-https-without-using-cname-dns-record/m-p/2536626#M237242 <P>In my example above, any http traffic that is destined for public IP 1.1.1.1 will be translated to the private IP of 2.2.2.2 and the port will be translated to https.</P><P>http to 1.1.1.1 --&gt;&nbsp; https to 2.2.2.2</P><P>--</P><P>Please remember to select a correct answer and rate helpful posts</P> Thu, 26 Jun 2014 06:21:23 GMT https://community.cisco.com/t5/network-security/cisco-asa-rely-http-port-to-https-without-using-cname-dns-record/m-p/2536626#M237242 Marius Gunnerud 2014-06-26T06:21:23Z https://community.cisco.com/t5/network-security/cisco-asa-rely-http-port-to-https-without-using-cname-dns-record/m-p/2536627#M237243 <P>Ok, but it highly neccessery to force customer using https until ASA, and it not very critical what we using https inside network.</P> Thu, 26 Jun 2014 06:34:44 GMT https://community.cisco.com/t5/network-security/cisco-asa-rely-http-port-to-https-without-using-cname-dns-record/m-p/2536627#M237243 Vadim Semenov 2014-06-26T06:34:44Z https://community.cisco.com/t5/network-security/cisco-asa-rely-http-port-to-https-without-using-cname-dns-record/m-p/2536628#M237244 <P>Then you need to find a different solution...you might want to look at solutions such as clientless SSL VPN, Citrix, or similar.</P><P>--</P><P>Please remember to select a correct answer and rate helpful posts</P> Thu, 26 Jun 2014 06:36:50 GMT https://community.cisco.com/t5/network-security/cisco-asa-rely-http-port-to-https-without-using-cname-dns-record/m-p/2536628#M237244 Marius Gunnerud 2014-06-26T06:36:50Z