Cisco ASA not returning http/https internally

We have an internal VLAN that we wish to have ACLs to allow https traffic for when applications need the access to perform upgrades. If we try to set up NAT it won't let us use port 443 because it is in use with VPN and SSL. The ACLs don't seem to have any effect on the traffic, though the packet tracer shows that the 443 from the outside doesn't make it past the ACL rules. I have attached the complete configuration (IPs have been replaced with letters) so that anyone may review and add any comments.

 

We have been using curl as a test for this. This should return a header from the site, but instead just hangs:

 

curl -Is https://support.cisco.com

 

#  show asp table socket

Protocol  Socket    State      Local Address          Foreign Address
SSL       00003148  LISTEN     :443                   0.0.0.0:*
SSL       00005a08  LISTEN     :443                   0.0.0.0:*
SSL       00006738  LISTEN     :443                   0.0.0.0:*
SSL       00009138  LISTEN     :443                   0.0.0.0:*
SSL       0000a6a8  LISTEN     :443                   0.0.0.0:*

 

Accepted Solutions

I decided the best method was to use WCCP and a proxy server.
