
Redirect denied traffic

heiki saaver
Level 1

Hi. Is it possible to redirect denied traffic in Cisco ASA?

For example, if a user is trying to access an HTTP page which is denied to him by an access-list, then that user is redirected to another HTTP webpage.

The ultimate goal is to notify the user that the resource he is trying to access is actually denied by the access-list and not because of a network/service outage.

Is there any reasonable solution to this problem? Thanks!

Accepted Solutions

Jouni Forss
VIP Alumni

Hi,

I would imagine this would be the job of some device other than the ASA.

If the ASA denies the traffic, then that's it.

The only similar thing I can think of right now would be to configure Cut Through Proxy, which would ask the user for authentication when he attempts to connect to a certain destination with a certain port. You could also configure a message on the ASA that would be printed to the user when the ASA shows the authentication page.

Here is one document:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080ba6110.shtml

There are plenty of documents online about this subject though.

- Jouni
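
The cut-through proxy setup described in the answer above, as an added example that is not part of the original post or the linked document. The interface name `inside`, the ACL name `CTP_HTTP`, the addresses and the use of the LOCAL user database are assumptions.

```cisco
! Added example: constructed values, not from the original thread.
! Assumptions: interface "inside", ACL name CTP_HTTP, inside network
! 10.10.10.0/24, restricted web server 192.0.2.10, LOCAL user database.

! Traffic that must authenticate before the ASA lets it through.
access-list CTP_HTTP extended permit tcp 10.10.10.0 255.255.255.0 host 192.0.2.10 eq www

! Require authentication for matching connections arriving on "inside".
aaa authentication match CTP_HTTP inside LOCAL

! Redirect matching HTTP connections to the ASA's own login page.
aaa authentication listener http inside port www redirect

! Text shown to the user with the authentication challenge and its result.
auth-prompt prompt Access to this server is restricted by firewall policy. Log in to continue.
auth-prompt accept Authentication succeeded.
auth-prompt reject Authentication failed. Access is blocked by firewall policy, not by an outage.
```

The interface access-list still has to permit the flow for users who authenticate; `show uauth` lists the users the ASA currently treats as authenticated.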


3 Replies

I think the cut-through proxy will work well enough.

Good job, Jouni, thanks.

Unfortunately, it seems that the cut-through proxy can't be applied to AnyConnect VPN users.

Here is the topic I started:

https://supportforums.cisco.com/message/4150921#4150921
