
ASA 5510 not allowing some https traffic

Jake Pratt
Level 1

I have 2 ASA 5510s in a failover bundle. I have a weird issue right now, where a site (https) is apparently getting blocked behind the firewall. If I browse to the site, it just spins, then says the page could not be displayed. I can ping the IP address, and I can browse to the http version of the page, but I cannot browse to the https site. If I plug into the DMZ on the outside of the firewall, I can see the page no problem. There is something in the ASA that is blocking it. We certainly allow 443 out, and use https heavily, all the time. It's just this one site, which is weird, because I know ASAs don't do deep packet inspection. Can anyone think of what would be causing this?

1 Reply

Jake Pratt
Level 1

Well, we figured this out.  It actually wasn't the firewall.  It was DNS resolution.  This particular site's DNS was all messed up.  When I was on the DMZ, I changed to another DNS server, which hadn't updated yet.  External DNS tests were all returning either no records or just the generic Network Solutions IP, which would give you a landing page.  We used the hosts file to get around it until they fixed their DNS pointers. 
