https://community.cisco.com/t5/network-security/redirect-denied-traffic/m-p/2352136#M270962 <P>Hi. Is it possible to redirect denied traffic in Cisco ASA?</P><P>For example if a user is trying to access an HTTP page which is denied to him by an access-list, then that user is redirected to another HTTP webpage.</P><P></P><P>The ultimate goal is to notify the user that the resource he is trying to access is actually denied by the access-list and not because of a network/service outage.</P><P></P><P>Is there any reasonable solution to this problem? thanks!</P> Tue, 12 Mar 2019 03:35:22 GMT heiki saaver 2019-03-12T03:35:22Z https://community.cisco.com/t5/network-security/redirect-denied-traffic/m-p/2352136#M270962 <P>Hi. Is it possible to redirect denied traffic in Cisco ASA?</P><P>For example if a user is trying to access an HTTP page which is denied to him by an access-list, then that user is redirected to another HTTP webpage.</P><P></P><P>The ultimate goal is to notify the user that the resource he is trying to access is actually denied by the access-list and not because of a network/service outage.</P><P></P><P>Is there any reasonable solution to this problem? thanks!</P> Tue, 12 Mar 2019 03:35:22 GMT https://community.cisco.com/t5/network-security/redirect-denied-traffic/m-p/2352136#M270962 heiki saaver 2019-03-12T03:35:22Z https://community.cisco.com/t5/network-security/redirect-denied-traffic/m-p/2352137#M270963 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I would imagine this would be the job of some other device other than the ASA.</P><P></P><P>If the ASA denies the traffic it then thats it.</P><P></P><P>Only thing silimiar I can think of right now would be to configure Cut Through Proxy which would ask the user for authentication when he attempts to connection to certain destination with certain port. You could also configure a message on teh ASA that would be printed to the user when the ASA shows the authentication page.</P><P></P><P>Here is one document</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080ba6110.shtml">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080ba6110.shtml</A></P><P></P><P>There is plenty of documents online about this subject though.</P><P></P><P>- Jouni</P></BODY></HTML> Fri, 24 Jan 2014 16:04:48 GMT https://community.cisco.com/t5/network-security/redirect-denied-traffic/m-p/2352137#M270963 Jouni Forss 2014-01-24T16:04:48Z https://community.cisco.com/t5/network-security/redirect-denied-traffic/m-p/2352138#M270964 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-size: 10pt;">I think the cut-through proxy will work good enough.</SPAN></P><P></P><P>good job Jouni, thanks.</P></BODY></HTML> Mon, 27 Jan 2014 07:39:37 GMT https://community.cisco.com/t5/network-security/redirect-denied-traffic/m-p/2352138#M270964 heiki saaver 2014-01-27T07:39:37Z https://community.cisco.com/t5/network-security/redirect-denied-traffic/m-p/2352139#M270965 <HTML><HEAD></HEAD><BODY><P>unfortunately it seems that the cut-through proxy cant be applied to Anyconnect VPN users.</P><P></P><P>here is the topic I started </P><P><A class="jive-link-external-small" href="https://community.cisco.com/message/4150921#4150921">https://supportforums.cisco.com/message/4150921#4150921</A></P></BODY></HTML> Mon, 03 Feb 2014 07:39:41 GMT https://community.cisco.com/t5/network-security/redirect-denied-traffic/m-p/2352139#M270965 heiki saaver 2014-02-03T07:39:41Z