11-22-2014 11:00 PM - edited 03-10-2019 06:17 AM
Hi
Solved! Go to Solution.
11-23-2014 08:58 AM
If you want to protect you own Webservers from attacks from the internet. you can't use the HTTPS-Decryption of the ASA-CX as the internet-clients don't have your CX-certificate.
The typical way to solve this is to place a reverse-proxy into a DMZ and do the SSL/TLS-handling there. The reverse-proxy sends plain HTTP through the ASA and the IPS can inspect that and protect your servers.
11-23-2014 08:58 AM
If you want to protect you own Webservers from attacks from the internet. you can't use the HTTPS-Decryption of the ASA-CX as the internet-clients don't have your CX-certificate.
The typical way to solve this is to place a reverse-proxy into a DMZ and do the SSL/TLS-handling there. The reverse-proxy sends plain HTTP through the ASA and the IPS can inspect that and protect your servers.
11-23-2014 09:07 PM
Thanks for your answer
I Can implement reverse proxy with ASA5525-X ?
If the answer is negative
Please help me in selecting the best practice for implement reverse proxy.
Do not use Cisco Agent Security for this Solutions ?
Best
11-23-2014 10:55 PM
The reverse proxy doesn't have anything to do with the ASA:
11-26-2014 01:56 AM
Hi
Thanks for your Complete answer.
Excuse me, I have a question. Is it possible to use ASA to Act https proxy servers Similar CSC to the previous generation ?
11-26-2014 02:47 AM
No, the ASA can't do that. You need an external device for that.
12-02-2014 11:04 PM
Thank you
Which Device Can use For This Solutions ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide