cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


254
Views
0
Helpful
4
Replies
Beginner

Https rules

Hello everyone,

We're experiëncing some difficulties with our ASA 5505.


When we want to visit https://portal.example.com the pc doesn't go to that website. However, when we visit a different portal, it goes right ahead. When we remove the ASA 5505 out of the network we can vizit https://portal.example.com just fine.

I uploaded the firewall rules just in case. I didn't think there's anything wrong with those but I uploaded them anyway.

Has anyone experienced the same kind of incidents?

Thanks in advance,

Stijn

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Https rules

4 REPLIES 4
Cisco Employee

Re: Https rules

please apply captures on the outside and inside and of the asa and also the PC this will give us some ideas

let us see where it is feeling

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807c35e7.shtml

this will help you applying captures

Highlighted
Cisco Employee

Re: Https rules

Beginner

Re: Https rules

Hi!

These answers put me on the right track.

I had t change the MMS value in the ASA. After that it worked.

Thank you all!

Greets,

Stijn Tacken

Enthusiast

Re: Https rules

Hi,

I assume that "portal.example.com" is just a placeholder for the real server you try to access.

Some things to verify (because "PC doesn't go to that website" is not very precise):

Can you resolve the name on the PC in question with nslookup?

Can you establish a telnet session to the resolved IP address, port 443?

(you might want to do that test from "server" because it's the only one permitted https to the outside)

A packet-tracer is always recommended to verify if something is wrong with the firewall config (but in that case I don't think its the config).

Is "server" functioning as a https-proxy for the inside PCs? If so, can the server itself open the website?

If "server" is a https-proxy could be something wrong with the server policies, like black-list or something wrong with the certificate of "portal.example.com"?

In some rare cases a server can redirect the clients to a different port with "content location changed" (vulgo "http redirect").

Just a few things that might be worth trying to drill down into the cause of the issue.

Rgds,

MiKa

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here