
Https rules

Stijntacken
Level 1

Hello everyone,

We're experiencing some difficulties with our ASA 5505.


When we want to visit https://portal.example.com the PC doesn't go to that website. However, when we visit a different portal, it goes right ahead. When we remove the ASA 5505 out of the network we can visit https://portal.example.com just fine.

I uploaded the firewall rules just in case. I didn't think there's anything wrong with those but I uploaded them anyway.

Has anyone experienced the same kind of incidents?

Thanks in advance,

Stijn


Jitendriya Athavale
Cisco Employee

Please apply captures on the outside and inside of the ASA and also on the PC; this will give us some ideas.

Let us see where it is failing.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807c35e7.shtml

This will help you apply captures.

Hi!

These answers put me on the right track.

I had to change the MMS value in the ASA. After that it worked.

Thank you all!

Greets,

Stijn Tacken

m.kafka
Level 4

Hi,

I assume that "portal.example.com" is just a placeholder for the real server you try to access.

Some things to verify (because "PC doesn't go to that website" is not very precise):

Can you resolve the name on the PC in question with nslookup?

Can you establish a telnet session to the resolved IP address, port 443?

(you might want to do that test from "server" because it's the only one permitted https to the outside)

A packet-tracer is always recommended to verify if something is wrong with the firewall config (but in that case I don't think it's the config).

Is "server" functioning as a https-proxy for the inside PCs? If so, can the server itself open the website?

If "server" is a https-proxy, could there be something wrong with the server policies, like a black-list, or something wrong with the certificate of "portal.example.com"?

In some rare cases a server can redirect the clients to a different port with "content location changed" (vulgo "http redirect").

Just a few things that might be worth trying to drill down into the cause of the issue.

Rgds,

MiKa
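
The checks listed in the reply above (name resolution, a TCP connect to port 443, then the certificate) can be run in order so the first failing stage is reported. This is an added example, not part of any post in the thread; the function name `diagnose` and its return format are hypothetical, and the sample in the `__main__` block is a constructed local listener rather than a real portal.

```python
import socket
import ssl


def diagnose(host, port=443, timeout=5.0):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok'."""
    # Check 1: name resolution, the nslookup step.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"cannot resolve {host}: {exc}")
    addr = infos[0][4][:2]

    # Check 2: plain TCP connect, the "telnet to port 443" step.
    try:
        sock = socket.create_connection(addr, timeout=timeout)
    except OSError as exc:
        return ("tcp", f"connect to {addr[0]}:{addr[1]} failed: {exc}")

    # Check 3: TLS handshake with certificate and hostname verification.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            expires = tls.getpeercert().get("notAfter")
            return ("ok", f"{tls.version()}, certificate valid until {expires}")
    except ssl.SSLCertVerificationError as exc:
        return ("tls", f"certificate rejected: {exc.verify_message}")
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        return ("tls", f"handshake failed or timed out: {exc}")
    finally:
        sock.close()


if __name__ == "__main__":
    # Constructed offline sample: a local listener that accepts the TCP
    # connection but never answers the ClientHello.
    silent = socket.socket()
    silent.bind(("127.0.0.1", 0))
    silent.listen(1)
    print(diagnose("127.0.0.1", silent.getsockname()[1], timeout=1.0))
    silent.close()
```

A `tls` result after a successful connect narrows the problem to the handshake itself, which is where the inside and outside captures suggested earlier in the thread are compared.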
