
Cisco ASA Firewall Non Standard HTML protocol on Port 80

laphil
Level 1

Currently have a Cisco ASA5520.

There is an internal application that communicates on port 80 with an outside host but is not HTML protocol.

The ASA seems to block this traffic... any idea why?

3 Replies

Maykol Rojas
Cisco Employee

Can you check if you have the inspection for http enabled?

Do the following:

sh run policy-map

Check if it says inspect http.

Mike


The current output is

!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect dns preset_dns_map
  inspect ip-options
policy-map type inspect dns migrated_dns_map_1
parameters
  message-length maximum 512

Inspect HTTP is not in there. Does this mean it filters out NON HTTP requests using app port 80?

It shouldn't. Would you please gather the logs?

Mike
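
Added example, not part of the thread: a small Python parser for saved `sh run policy-map` output that lists which classes enable a given inspection engine, which is the check requested above. The function names are hypothetical and the sample is abridged from the output posted in the thread.

```python
import re

# Abridged from the output posted in the thread (not the full inspection list).
SAMPLE = """\
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect ftp
  inspect h323 h225
  inspect sip
  inspect dns preset_dns_map
  inspect ip-options
"""

def parse_inspections(text):
    """Map each layer 3/4 policy-map to {class name: [inspect arguments]}."""
    policies, policy, cls = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        m = re.match(r"policy-map\s+(type\s+inspect\s+\S+\s+)?(\S+)$", line)
        if m:
            # Typed inspection maps (e.g. "type inspect dns") only hold
            # parameters for an engine; they do not enable inspection.
            policy = None if m.group(1) else policies.setdefault(m.group(2), {})
            cls = None
        elif policy is not None and line.startswith("class "):
            cls = policy.setdefault(line.split()[1], [])
        elif cls is not None and line.startswith("inspect "):
            cls.append(line[len("inspect "):])
    return policies

def classes_inspecting(text, engine):
    """Return (policy, class) pairs whose inspect list names the engine."""
    return [(p, c) for p, classes in parse_inspections(text).items()
            for c, engines in classes.items()
            if any(e.split()[0] == engine for e in engines)]

if __name__ == "__main__":
    print("inspect http:", classes_inspecting(SAMPLE, "http") or "not configured")
```

An empty result for `http` matches what the posted output shows: no class in `global_policy` has `inspect http`.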
