port 80 redirect to https

charlie.ford
Level 1

Windows IIS server configured behind a Cisco ASA 5540 listening on port 443 currently. Access-list and static translation configured. I have been asked to redirect all port 80 calls to port 443 for this web site only at the firewall. I have suggested moving it behind our content switch with negative results. Can we do this at the firewall level? If no, then a definitive answer would solve my problem. If yes, some suggestions on how to accomplish the redirect for a single site. 8.2.4 is current code. More info if you need!

Accepted Solutions

Julio Carvajal
VIP Alumni

Hello Charlie,

Of course you can do this on your ASA.

Let's say the web-server IP address is 192.168.2.11 and will be natted to 2.2.2.2.

So you want to redirect all traffic hitting 2.2.2.2 on port 80 to port 443 on 192.168.2.11.

Here is the configuration you need:

static (inside,outside) tcp 2.2.2.2 80 192.168.2.11 443

access-list outside_in permit tcp any host 2.2.2.2 eq 80

access-group outside_in in interface outside

Kind regards,

Please rate helpful posts,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

5 Replies

Hello All,

Please can someone help me to write this NAT in a format that ASA Version 9.1(2) understands

static (inside,outside) tcp 2.2.2.2 80 192.168.2.11 443

BR,

Thanks 

charlie.ford
Level 1

Let me rephrase this. The web site must allow port 80 and port 443 at the edge.

User "A" uses http and user "B" uses https, both users need to access port 443 on the IIS server within the network.

The access-list would allow both 80 and 443 through but can we direct all calls to 443 no matter if they are http or https?

Hello Charlie,

Got it!!!

Here is what you need:

access-list test permit tcp host 192.168.2.11 eq 443 any

static (inside,outside) tcp 2.2.2.2 443 192.168.2.11 443

static (inside,outside) tcp 2.2.2.2 80 access-list test

access-list outside_in permit tcp any host 2.2.2.2 eq 80

access-list outside_in permit tcp any host 2.2.2.2 eq 443

access-group outside_in in interface outside

Please rate helpful posts.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
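
The object-NAT form that ASA 8.3 and later use for the translations discussed in this thread (the 9.1(2) question and the combined port 80/443 mapping), as an added example that is not part of any post above. The object names are hypothetical; the addresses are the ones used in the thread.

```cisco
! Added example. Assumes ASA 8.3 or later (object NAT); object names are hypothetical.
! Addresses from the thread: real server 192.168.2.11, mapped address 2.2.2.2.

! Mapped 2.2.2.2:443 -> real 192.168.2.11:443
! Syntax: nat (real_if,mapped_if) static <mapped_ip> service tcp <real_port> <mapped_port>
object network WEB-HTTPS
 host 192.168.2.11
 nat (inside,outside) static 2.2.2.2 service tcp 443 443

! Mapped 2.2.2.2:80 -> real 192.168.2.11:443
! A network object carries only one nat statement, so the second
! mapped port needs its own object for the same host.
object network WEB-HTTP-TO-HTTPS
 host 192.168.2.11
 nat (inside,outside) static 2.2.2.2 service tcp 443 80

! From 8.3 on, interface ACLs match the real (untranslated) address and port,
! so one entry covers traffic arriving on either mapped port.
access-list outside_in extended permit tcp any host 192.168.2.11 eq 443
access-group outside_in in interface outside

! Checks to run from privileged EXEC after applying the configuration.
! The source address 198.51.100.10 and source port 12345 are constructed values.
! packet-tracer input outside tcp 198.51.100.10 12345 2.2.2.2 80
! packet-tracer input outside tcp 198.51.100.10 12345 2.2.2.2 443
! show nat detail
```

This is a TCP port translation, not an HTTP redirect: the ASA forwards the connection unchanged, so a client that sends plaintext HTTP to 2.2.2.2:80 lands on the server's TLS listener.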