cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
702
Views
0
Helpful
3
Replies

Server access https outside http inside

mbluemel
Level 1
Level 1

Hi all

I have a customer who wants to publish a web server that will only accept http traffic. As it will be accessed over the internet he was hoping to use https up to the firewall and then http inside. I have tried setting this up in a lab type environment but it doesnt work. Is it possible to even do this?

Here are the lines I have added:

static (noc,outside) tcp x.x.x.x https SNMPserver www netmask 255.255.255.255
access-list outside-access-in extended permit tcp any host x.x.x.x eq https

The device is a 5510 ASA running 8.2(3)

3 Replies 3

handsy
Level 1
Level 1

I don't believe this is possible.

The ASA can redirect *to* https but not from it. For that you would need something like an F5 LTM device to do SSL offloading.

Hope this helps?

I thought it may not be possible but was getting more hopeful when it accepted the config change. Thanks for replying anyway.

shzaman
Level 1
Level 1

Hi,

The lines mentioned in question should redirect port 443 traffic on IP: x.x.x.x to SNMP server on port:80. But if the x.x.x.x IP address is of outside interface (interface keyword is used) then we should keep in mind that if some service (like webvpn, https-asdm) is running on outside interface then ASA will be using 443 port which is default for webvpn and HTTPS (ASDM). But this is about redirection that is not making connection secure till ASA.

I hope this helps.

-Shahid

Review Cisco Networking for a $25 gift card