ASA 5510 not allowing some https traffic

I have 2 ASA 5510s in a failover bundle. I have a weird issue right now, where a site (https) is apparently getting blocked behind the firewall. If I browse to the site, it just spins, then says the page could not be displayed. I can ping the IP address, and I can browse to the http version of the page, but I cannot browse to the https site. If I plug into the DMZ on the outside of the firewall, I can see the page no problem. There is something in the ASA that is blocking it. We certainly allow 443 out, and use https heavily, all the time. It's just this one site, which is weird, because I know ASAs don't do deep packet inspection. Can anyone think of what would be causing this?

1 REPLY

Well, we figured this out.  It actually wasn't the firewall.  It was DNS resolution.  This particular site's DNS was all messed up.  When I was on the DMZ, I changed to another DNS server, which hadn't updated yet.  External DNS tests were all returning either no records or just the generic Network Solutions IP, which would give you a landing page.  We used the hosts file to get around it until they fixed their DNS pointers.
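The root cause in the reply above, different DNS servers returning different answers for the same name, can be checked before suspecting the firewall. This Python script is an added example, not part of the original thread: it asks each resolver for the A record and groups resolvers by the answer they gave. The resolver addresses and the `SAMPLE` data are constructed values from the documentation address ranges, and the function names are this example's own.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Encode a recursive DNS query for the A record of `name`."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """Return (rcode, tuple of sorted IPv4 addresses) from a DNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record; CNAME records are skipped
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, tuple(sorted(addrs))

def ask(resolver, name, timeout=3.0):
    """Send the query to one resolver over UDP port 53 (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (resolver, 53))
        return parse_a_records(sock.recv(4096))

def group_by_answer(results):
    """Map each distinct (rcode, addresses) answer to the resolvers that returned it."""
    groups = {}
    for resolver, answer in results.items():
        groups.setdefault(answer, []).append(resolver)
    return groups

# Constructed sample: three resolvers disagreeing about one name.
# Live use: results = {r: ask(r, "www.example.com") for r in resolver_list}
SAMPLE = {"192.0.2.53": (0, ("198.51.100.10",)),   # resolver with the working record
          "192.0.2.54": (0, ()),                    # resolver returning no records
          "192.0.2.55": (0, ("203.0.113.80",))}     # placeholder for a parking-page IP
```

More than one key in the result of `group_by_answer` means the resolvers disagree, which points at DNS rather than at the firewall's handling of port 443.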