07-08-2014 05:45 AM - edited 03-03-2019 07:30 AM
We want user who are connecting to a App in our DMZ with HTTP (80) to be redirected to HTTPS (443). Can I do the re-direct with my ASA 5520 ?
07-08-2014 05:54 AM
Hi ,
Do your server is listening/running on service 443 ?? , What is your ASA code ??
You can do port redirection , by using static PAT .
HTH
Sandy
07-08-2014 05:56 AM
We are using
Cisco Adaptive Security Appliance Software Version 8.2(3)
Do you have more info on using PAT?
07-08-2014 06:18 AM
Hi ,
Your real server should run/listen for services on TCP/443 . And you need configure Access-list on ASA for both service port 80 & 443 .
If your ASA is running with separate DMZ interface and if you want to Port NATing with outside interface below is the configuration .
X.X.X.X is mapped IP address
Y.Y.Y.Y is real IP address
hostname(config)# static (dmz,outside) tcp x.x.x.x 80 y.y.y.y 443 netmask 255.255.255.255
HTH
Sandy
07-08-2014 09:26 AM
Sandy,
I was able to make the changes to my ASA,
access-list acl_outside extended permit tcp any host X.X.X.X object-group WWW-SSL-TCP
static (DMZ1,outside) tcp X.X.X.X www Y.Y.Y.Y https netmask 255.255.255.255
using Chrome trying to access y.y.y.y from the internet http://X.X.X.X I get " It appears that the website you are trying to visit is having technical difficulties or is no longer available"
going to https://X.X.X.X i get re-directing message, but it also fails "Webpage is not available"
If I remove the PAT re-direct and re-try HTTPS works and HTTP fails..
Is there something more I should try ?
07-09-2014 06:55 AM
Hi ,
From below error you need to redirect on your server ,What is your server platforrm windows or Linux ??
going to https://X.X.X.X i get re-directing message, but it also fails "Webpage is not available"
http://support.microsoft.com/kb/839357
HTH
Sandy
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide