02-22-2011 06:42 AM - edited 03-11-2019 12:54 PM
Hello everyone,
We're experiencing some difficulties with our ASA 5505.
When we want to visit https://portal.example.com, the PC doesn't go to that website. However, when we visit a different portal, it goes right ahead. When we remove the ASA 5505 from the network, we can visit https://portal.example.com just fine.
I uploaded the firewall rules just in case. I didn't think there's anything wrong with those but I uploaded them anyway.
Has anyone experienced the same kind of incidents?
Thanks in advance,
Stijn
02-22-2011 07:08 AM
You might also want to take a look at this:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml
02-22-2011 06:54 AM
Please apply captures on the outside and inside of the ASA and also on the PC. This will give us some ideas.
Let us see where it is failing.
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807c35e7.shtml
This will help you apply captures.
03-01-2011 06:09 AM
Hi!
These answers put me on the right track.
I had to change the MMS value in the ASA. After that it worked.
Thank you all!
Greets,
Stijn Tacken
02-22-2011 12:54 PM
Hi,
I assume that "portal.example.com" is just a placeholder for the real server you try to access.
Some things to verify (because "PC doesn't go to that website" is not very precise):
Can you resolve the name on the PC in question with nslookup?
Can you establish a telnet session to the resolved IP address, port 443?
(you might want to do that test from "server" because it's the only one permitted https to the outside)
A packet-tracer is always recommended to verify if something is wrong with the firewall config (but in that case I don't think it's the config).
Is "server" functioning as an https-proxy for the inside PCs? If so, can the server itself open the website?
If "server" is an https-proxy, could there be something wrong with the server policies, like a black-list, or something wrong with the certificate of "portal.example.com"?
In some rare cases a server can redirect the clients to a different port with "content location changed" (vulgo "http redirect").
Just a few things that might be worth trying to drill down into the cause of the issue.
Rgds,
MiKa
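The name-resolution and port-443 checks from the list above, extended with a TLS handshake stage so the result shows which step fails, as an added example that was not posted by anyone in this thread. The function name `probe_https` and the stage labels are assumptions of this example.

```python
import socket
import ssl


def probe_https(host, port=443, timeout=5.0):
    """Return (stage, detail): the first stage that failed, or ("ok", TLS version)."""
    # Stage 1: name resolution (the nslookup check).
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))
    family, socktype, proto, _, addr = infos[0]

    # Stage 2: TCP three-way handshake (the "telnet <ip> 443" check).
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except OSError as exc:
        sock.close()
        return ("tcp", str(exc))

    # Stage 3: TLS handshake. Certificate validation is disabled on purpose:
    # this probe measures reachability only; certificate problems are a
    # separate check.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except socket.timeout:
        # TCP connected, but the server's handshake reply never arrived.
        return ("tls-timeout", "TCP connected, handshake stalled")
    except (ssl.SSLError, OSError) as exc:
        return ("tls-error", str(exc))
    finally:
        sock.close()


if __name__ == "__main__":
    # portal.example.com is the placeholder name used in this thread.
    print(probe_https("portal.example.com"))
```

Running it once from the PC and once from "server" shows whether both fail at the same stage; a `tls-timeout` result means the rules let the connection through and the captures should be read for what happens after the handshake starts.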