Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1293
Views
0
Helpful
1
Replies

Selectively prevent content rewrite

dondehoff
Level 1
Level 1

‎01-21-2011 07:43 AM

Is is possible to tell the ASA to NOT rewrite certain things, like public internet links, javascript libraries, and certain other code or links?

When I am accessing our intranet through the SSL VPN, and I click on an external link, when I go to that site, their pages are being rewritten by the VPN.  That seems incorrect.  There is no reason for me to go through the VPN to get to a site I can get to from home.

I'm tracing all sorts of strange JavaScript errors that seem to be attributable to the ASA rewriting code within my JavaScript.  I understand this is sometimes necessary, but I would like to know if it is possible to prevent it when I know it is safe to do so.

Thank you.

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎01-21-2011 08:00 AM

Don,

Yes it is possible, BUT, it's not trivial and more often than not your first few tries will break something.

The feature is called APCF:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/webvpn.html#wp1046693

That being said, I would highly recommend using smart-tunneling of bookrmakrs whenever possible instead of using APCF if ASA's rewrite engine breaks something.

Marcin

just in case newer documentation:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/webvpn.html

and an example of APCF (to stop rewrite of everything aspx) (UNTESTED!)


1.0

  Do not rewrite
  
     
         
           *.aspx*
         
           
             
           
      
 


0 Helpful
Customers Also Viewed These Support Documents