https://community.cisco.com/t5/network-security/https-rules/m-p/1598785#M604519 <HTML><HEAD></HEAD><BODY><P>please apply captures on the outside and inside and of the asa and also the PC this will give us some ideas</P><P></P><P>let us see where it is feeling</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807c35e7.shtml">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807c35e7.shtml</A></P><P></P><P>this will help you applying captures</P></BODY></HTML> Tue, 22 Feb 2011 14:54:16 GMT Jitendriya Athavale 2011-02-22T14:54:16Z https://community.cisco.com/t5/network-security/https-rules/m-p/1598784#M604518 <P>Hello everyone,</P><P></P><P>We're experiëncing some difficulties with our ASA 5505.</P><P><BR />When we want to visit <A href="https://portal.example.com" target="_blank">https://portal.example.com</A> the pc doesn't go to that website. However, when we visit a different portal, it goes right ahead. When we remove the ASA 5505 out of the network we can vizit <A href="https://portal.example.com" target="_blank">https://portal.example.com</A> just fine.</P><P></P><P>I uploaded the firewall rules just in case. I didn't think there's anything wrong with those but I uploaded them anyway.</P><P></P><P>Has anyone experienced the same kind of incidents?</P><P></P><P>Thanks in advance,</P><P></P><P>Stijn</P> Mon, 11 Mar 2019 19:54:21 GMT https://community.cisco.com/t5/network-security/https-rules/m-p/1598784#M604518 Stijntacken 2019-03-11T19:54:21Z https://community.cisco.com/t5/network-security/https-rules/m-p/1598785#M604519 <HTML><HEAD></HEAD><BODY><P>please apply captures on the outside and inside and of the asa and also the PC this will give us some ideas</P><P></P><P>let us see where it is feeling</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807c35e7.shtml">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807c35e7.shtml</A></P><P></P><P>this will help you applying captures</P></BODY></HTML> Tue, 22 Feb 2011 14:54:16 GMT https://community.cisco.com/t5/network-security/https-rules/m-p/1598785#M604519 Jitendriya Athavale 2011-02-22T14:54:16Z https://community.cisco.com/t5/network-security/https-rules/m-p/1598786#M604520 <HTML><HEAD></HEAD><BODY><P>you might also want to take a look at this</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml</A></P></BODY></HTML> Tue, 22 Feb 2011 15:08:16 GMT https://community.cisco.com/t5/network-security/https-rules/m-p/1598786#M604520 Jitendriya Athavale 2011-02-22T15:08:16Z https://community.cisco.com/t5/network-security/https-rules/m-p/1598787#M604521 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I assume that "portal.example.com" is just a placeholder for the real server you try to access.</P><P></P><P>Some things to verify (because "PC doesn't go to that website" is not very precise):</P><P></P><P>Can you resolve the name on the PC in question with nslookup?</P><P></P><P>Can you establish a telnet session to the resolved IP address, port 443?</P><P>(you might want to do that test from "server" because it's the only one permitted https to the outside)</P><P></P><P>A packet-tracer is always recommended to verify if something is wrong with the firewall config (but in that case I don't think its the config).</P><P></P><P>Is "server" functioning as a https-proxy for the inside PCs? If so, can the server itself open the website?</P><P>If "server" is a https-proxy could be something wrong with the server policies, like black-list or something wrong with the certificate of "portal.example.com"?</P><P></P><P>In some rare cases a server can redirect the clients to a different port with "content location changed" (vulgo "http redirect").</P><P></P><P>Just a few things that might be worth trying to drill down into the cause of the issue.</P><P></P><P>Rgds,</P><P></P><P>MiKa</P></BODY></HTML> Tue, 22 Feb 2011 20:54:48 GMT https://community.cisco.com/t5/network-security/https-rules/m-p/1598787#M604521 m.kafka 2011-02-22T20:54:48Z https://community.cisco.com/t5/network-security/https-rules/m-p/1598788#M604522 <HTML><HEAD></HEAD><BODY><P>Hi!</P><P></P><P>These answers put me on the right track.</P><P></P><P>I had t change the MMS value in the ASA. After that it worked.</P><P></P><P>Thank you all!</P><P></P><P>Greets,</P><P></P><P>Stijn Tacken</P></BODY></HTML> Tue, 01 Mar 2011 14:09:18 GMT https://community.cisco.com/t5/network-security/https-rules/m-p/1598788#M604522 Stijntacken 2011-03-01T14:09:18Z