Single session HTTPS offload on an ASA

PETER NEGUS · ‎01-15-2013

Dear ASA gurus

I have an ancient Alteon load balancer which only supports HTTP and telnet access. Our management people only allow HTTPS through the management firewall farm, and don't want to change this policy. So I need a low cost HTTPS to HTTP conversion, ideally on Cisco hardware like an ASA5505. It only needs one concurrent user.

Is there a way to configure an ASA 5505 to terminate the inbound HTTPS seession and re-originate a HTTP management session to the Alteon? It looks to me as if the Clientless SSL VPN might do the job.

Is there a way to do a SSH to telnet conversion on the ASA, or on a router?

All ideas gratefully accepted!

Michal Garcarz · ‎01-15-2013

Hi Peter,

ASA can not do SSL offloading. You would need cisco ACE for that - but i suppose it does not make sense for you to buy another loadbalancer.

The same apply to ssh to telnet conversion.

I do not know any router which could do that (on application layer)

The question is: what does it mean that your management only allows HTTPS ?

Is that just port 443 redirected ? or maybe full application inspection (HTTPS) ?

In first scenario you could just use NAT to share Alteon telnet/http on ports 443.

Of course assuming that will not violate your security policy.

All kinds of vpn might be solution (ssl vpn: clientless or with client, also ipsec). The question is what is most convienient for you.

--

Michal