Problems with TLS traffic

KWOODS1229
Level 1

I have several ASA 5540 firewalls in place and one of them is causing me a lot of ulcer time.

I am trying to pass Secure LDAP traffic through to an internal server.  Everything goes well until the server attempts to respond to the authentication on a different port.  The firewall blocks the outbound traffic and the connection drops.

I have set up access rules to pass the LDAPS to the internal server, I have set up a NAT rule for the internal server, I have done everything else that I can think of short of pulling the firewall out.

Does anyone know of a best practice for TLS on the 5540?  We are having similar problems with FTPS and SMTPS as well, but nobody is screaming about them at the moment.

1 Reply

Jennifer Halim
Cisco Employee

Yes, with all the secure/encrypted applications like FTPS, SMTPS, LDAPS, the ASA is not able to inspect the data packet because it is encrypted, hence when the application dynamically negotiates for a different port for the actual data connection, it will fail because the ASA can't read the encrypted packet and, because it is not part of the existing connection, it will drop the packet. The best you can do is to configure ACLs in both directions to allow the packets to go through to and from the server. This is common for any other firewall unless it supports and performs man-in-the-middle to decrypt the traffic.
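As an added illustration of the "ACLs in both directions" approach (not configuration from this thread or from Cisco), here is an ASA 8.3+ style fragment with constructed addresses: the inbound ACL admits only LDAPS (TCP/636) to the server, and the outbound ACL permits connections the server itself initiates instead of opening everything. The object name, the 10.1.1.20 / 203.0.113.20 addresses and the ACL names are assumptions.

```cisco
! Constructed example: inside LDAPS server 10.1.1.20, statically translated
! to 203.0.113.20 on the outside interface (names and addresses are assumed).
object network LDAPS-SERVER
 host 10.1.1.20
 nat (inside,outside) static 203.0.113.20
!
! Inbound: post-8.3 ACLs match the real (untranslated) address, so reference
! the object. Only the LDAPS listener is exposed; nothing else on the host.
access-list OUTSIDE-IN remark LDAPS only, to the directory server
access-list OUTSIDE-IN extended permit tcp any object LDAPS-SERVER eq 636
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
!
! Outbound: the ASA cannot learn a secondary port from an encrypted payload, so
! the server's own outbound TCP is permitted explicitly rather than "any any".
! Binding an ACL to "inside" replaces the implicit higher-to-lower permit, so
! rules for the other inside hosts must be carried into this list as well.
access-list INSIDE-OUT remark Directory server may initiate outbound TCP
access-list INSIDE-OUT extended permit tcp object LDAPS-SERVER any
access-list INSIDE-OUT remark Existing policy for the rest of the inside network
access-list INSIDE-OUT extended permit ip 10.1.1.0 255.255.255.0 any
access-list INSIDE-OUT extended deny ip any any log
access-group INSIDE-OUT in interface inside
```

To confirm which direction and port are actually being dropped before widening anything, watch the ACL deny syslogs (message ID 106023) with `show logging | include 10.1.1.20` while reproducing the failed bind.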
