Solved: Cisco ASA not returning http/https internally

panderson@natrinsic.com · ‎09-01-2021

We have an internal VLAN that we wish to have ACLs to allow https traffic for when applications need the access to perform upgrades. If we try to setup NAT it wont let us use port 443 because it is in use with VPN and SSL. The ACLs dont seem to have any effect on the traffic, though the packet tracer shows that the 443 from the outside doesnt make it past the ACL rules. I have attached the complete configuration (IPs have been replaced with letters) so that anyone may review and add any comments.

We have been using curl as a test for this. This should return a header from the site, but instead just hangs:

# curl -Is https://support.cisco.com

# show asp table socket

Protocol Socket State Local Address Foreign Address

SSL 00003148 LISTEN :443 0.0.0.0:*

SSL 00005a08 LISTEN :443 0.0.0.0:*

SSL 00006738 LISTEN :443 0.0.0.0:*

SSL 00009138 LISTEN :443 0.0.0.0:*

SSL 0000a6a8 LISTEN :443 0.0.0.0:*

panderson@natrinsic.com · ‎09-02-2021

I decided the best method was to use wccp and a proxy server.

View solution in original post

panderson@natrinsic.com · ‎09-02-2021

I decided the best method was to use wccp and a proxy server.

Cisco ASA not returning http/https internally

http://www.ccnaccnplinux.com

ASA: How to download images using TFTP, FTP, HTTP, HTTPS and SCP

DNS over HTTPS with Cisco Umbrella

Hi Luis, http://www.cisco.com

HTTP X-Auth-Token versus HTTP Authorization