01-20-2011 01:41 AM - edited 03-11-2019 12:37 PM
Hi all
I have a customer who wants to publish a web server that will only accept http traffic. As it will be accessed over the internet he was hoping to use https up to the firewall and then http inside. I have tried setting this up in a lab type environment but it doesnt work. Is it possible to even do this?
Here are the lines I have added:
static (noc,outside) tcp x.x.x.x https SNMPserver www netmask 255.255.255.255
access-list outside-access-in extended permit tcp any host x.x.x.x eq https
The device is a 5510 ASA running 8.2(3)
01-20-2011 05:24 AM
I don't believe this is possible.
The ASA can redirect *to* https but not from it. For that you would need something like an F5 LTM device to do SSL offloading.
Hope this helps?
01-21-2011 02:36 AM
I thought it may not be possible but was getting more hopeful when it accepted the config change. Thanks for replying anyway.
01-22-2011 01:35 PM
Hi,
The lines mentioned in question should redirect port 443 traffic on IP: x.x.x.x to SNMP server on port:80. But if the x.x.x.x IP address is of outside interface (interface keyword is used) then we should keep in mind that if some service (like webvpn, https-asdm) is running on outside interface then ASA will be using 443 port which is default for webvpn and HTTPS (ASDM). But this is about redirection that is not making connection secure till ASA.
I hope this helps.
-Shahid
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide