Re: UCP website redirection

tahequivoice · ‎06-25-2009

Ran into a small problem with the website. It works fine for those not autonomous to our network, but those autonomous, or outside our network are unable to use it. The UCP site is on a server behind an ASA, the ACS is in front of the ASA. We can use it in our office OK since we can reach the server internally, but if you are outside of our office the UCP redirects the user to the server IP after login. How can I setup UCP so it uses the public IP of the firewall and not the IP of the server after you log in to change the password?

smalkeric · ‎07-01-2009

You configure the firewall to permit HTTP traffic over the range of HTTP administrative session ports that ACS uses. Then it will allows the UCP setup.

We do not recommend that you administer ACS through a firewall. Doing so requires that you configure the firewall to permit HTTP traffic over the range of HTTP administrative session ports that ACS uses. While narrowing this range reduces the risk of unauthorized access, a greater risk of attack remains if you allow administration of ACS from outside a firewall. A firewall that is configured to permit HTTP traffic over the ACS administrative port range must also permit HTTP traffic through port 2002, because a web browser must address this port to initiate an administrative session.