Cisco Firewall :: ASA5540 Port 80 Redirect To Https

Dec 21, 2011

Windows IIS server configured behind a Cisco ASA 5540 listening on port 443 currently. Access-list and static translation configured. I have been ask to redirect all port 80 calls to port 443 for this web site only at the firewall. I have suggested moving it behind our content switch with negative results. Can we do this at the firewall level? how to accomplish the redirect for a single site. 8.2.4 is current code

ADVERTISEMENT

Cisco Firewall :: Redirect Http / Https To Port 8080 PIX 6.3?

Feb 27, 2013

I need to redirect all http and https traffic from one source in a dmz network, to port tcp/8080 on a proxy server on the inside network.
 
The source device doesn't handle proxying very well, so i've been advised to redirect the tcp/80 and tcp/443 ports to tcp/8080 as it passes through the firewall.
 
Scenario is thus:
PIX 515E 6.3 (5)
DMZ server: 172.31.255.250 (Real IP), 10.44.181.236 (NAT IP)
Inside Proxy server: 10.44.132.28 (Real IP), 172.31.255.110 (NAT IP)
 
I've configured a static NAT redirect using the following command: static (inside,dmz) tcp 172.31.255.110 www 10.44.132.28 8080 netmask 255.255.255.255 0 0
 
When I try to add the next command of: static (inside,dmz) tcp 172.31.255.110 443 10.44.132.28 8080 netmask 255.255.255.255 0 0
 
I get the following error: ERROR: duplicate of existing static
 
Is there a work around for this at all or am I stuck with the limitations of the software?

View 2 Replies View Related

Cisco Firewall :: Redirect Http And Https Traffic From ASA 5520 Via Squid?

Dec 20, 2010

Right now, in my network there is no proxy server and all users go straight through the ASA to access internet. I would like to put a squid with dansguardian (for web filtering). Steps in getting all http and https traffic from ASA go via my squid?

View 18 Replies View Related

Cisco Application :: ACE 4710 With HTTPS Redirect

Sep 20, 2011

i have ACE 4710 appliance that terminate SSL and the connection to the servers is http.
 
The ACE (one Armed) is load balancing between two web servers and i am using stickness in order to take the connection on the same server based on cookie.I can access the website either by http or https., where on the web page there is a login credential to access using username and password.
 
When i access the website using https everything works fine and i can login to my account in https mode.When i access the website through http and login to my account the URL is redirected to https...normal because i am using action-list to rewrite the http into https. But when i exit the browser and access the website again using http it is not redirected to https(although i see that i am still login into my account i can see all the inforamtion in my account).
 
The customer wants the connection to be https even when i exit the browser and access the website again (within short time before the cookie exipres)

View 3 Replies View Related

Cisco Application :: CSS Or ACE 4710 Redirect HTTPS To Http

Feb 27, 2012

For a CSS with a SSL module (performing SSL termination) - is it possible to impliment a redirect on https URL to send to equivalent http URL.If my understanding is correct, the CSS will do SSL termination and then use an http content rule on the resultant http stream as it is recursively handled by the CSS ? This would mean that the SSL module has no way of seeing/acting on layer 5 and above data (i.e. picking up on a specific URL) and can not itself issue a redirect - i.e. you could not associate a redirect statement or service with the following ssl content rule ? [code]The CSS would instead rely on a http content rule to impliment a redirect - i.e. you would have to associate a redirect statement or service to the following http content rule instead?
 
But if the CSS is already handling traffic for existing url...  traffic that is going to cause a loop when a client goes direct to. url...I realise the requirment is uncommon / a bit convoluted, its one of those don't ask type scenarios - aimed at achieving a specific requirement.Would the ACE 4710 be able to handle such a scenario any differently ?

View 7 Replies View Related

Cisco Application :: ACE 4710 - Redirect HTTP To HTTPS?

Jun 21, 2012

I am trying to make a redirect from http to https. the goal is whenever a user writes in http://10.80.199.71 it should be redirected to https://10.80.199.71 I am just haveing some trouble making it work.

View 4 Replies View Related

Cisco Application :: ACE 4700 Redirect HTTP To HTTPS?

Feb 6, 2013

How to configure a redirection on the ACE from HTTP to HTTPS using specific URL example [URL] to [URL], the SSL certificates were installed on the servers.

View 7 Replies View Related

Cisco Switching/Routing :: WCCP V2 - Unable To Redirect The HTTPS Traffic?

Jun 3, 2013

I am unable to redirect the HTTPS traffic on my cisco router with WCCP V2

View 2 Replies View Related

Cisco WAN :: 8080 / Destination NAT To Redirect Outgoing HTTPS Traffic To A Local Server

Jul 14, 2011

I have got a Cisco router connected to a LAN and to the internet.I was wondering if I could nat https traffic from inside to internet to a local server (Proxy) on a given port for example tcp 8080.
  
int tunnel0
ip address 192.168.0.1 255.255.255.0
ip nat inside
 int fa0/1
des internet connexion
ip address 41.x.x.x.x 255.255.255.248
ip nat outside
 ip access-list extended Proxy_Redirect
permit tcp 192.168.0.0 0.0.0.255 any eq 443

View 1 Replies View Related

Cisco Firewall :: ASA 5550 Port Forwarding For HTTPs

Nov 27, 2012

I am setting up an ASA 5550 8.4 and asdm 6.4. Last thing I am missing is to get the static nat rule done for https. Done it with asdm and cli and always end up with "error: nat unable to reserve the port". Looked around the Net so far and changed the http enable port to 4433. ASDM access is only configured for inside and mgmt port. Disabled under RA VPN all checkboxes in clientless ssl and any connection profiles since IKEv1 is used for vpn access.

View 2 Replies View Related

Cisco Firewall :: ASA5540 - EAL4 Transparent Firewall Config

Mar 14, 2011

I am configuring an ASA5540 firewall for a client, only difference to usual being that it is to run in Transparent mode. I have looked through for an EAL4 transparent firewall config guide but found nothing and therefore assumed that the usual one would be used.The clients security bod has now come back and insisted MAC filtering should be used but I can find no reference of this anywhere. Does MAC filtering is required to make a transparent box EAL4 compliant and if so where I can find documentation supporting this?

View 1 Replies View Related

Cisco 887VAW - Redirect Port 90 To Another IP Address External To Our Own?

Oct 28, 2012

Our company uses a commercial copier monitoring package called FMAudit to obtain meter readings from our clients' copiers, and it uses a feed to send the readings back to us. We have used port 90 for this purpose.Due to a recent server crash and emergency reconfiguration of our network, we have moved our FMAudit central server from in-house to a hosted service, with of course a different external IP address.

Without interfering with our other systems, is there a way to redirect JUST PORT 90 to another IP address external to our own? I don't care if it has to happen at the router or server level. We are using Server 2003 and a Cisco 887VAW.

View 2 Replies View Related

Port Redirect With Default Ports On Application?

Apr 26, 2012

I'm running several game and file servers via a dynamic IP, which I unfortunately cannot change to a static connection for several reasons. I've solved this by using No-IP, which is a Dynamic IP resolution service. This solved the first part of my problem - I can give people IP's for their websites, such as myfreemusic.sytes.net and so forth, but they all HAVE to append their ports to the url - i.e.

site1.sytes.net:90
site2.sytes.net:91

My main problem right now is the game servers - I'm hosting games that default host to 25565, and though I can change the ports the server hosts from, I must give those who want to connect the ports at the end of their urls, i.e.

server1.sytes.net:25566
server2.sytes.net:25567

I know DNS is essentially agnostic when it comes to ports, so no solution there. And I don't think the game (Minecraft vis-a-vis bukkit) supports SRV records, and even if they did, I'd have no idea how to configure them. How can I resolve static urls redirecting to a dynamic IP by pointing them to ports?

To simplify the question -

How can I make server1.sytes.net resolve to port 25566, and server2.sytes.net resolve to port 25567 when the default port is set to 25565?

View 1 Replies View Related

Cisco Application :: ACE 4710 / Redirect All Connections From Port 443 To 9443?

Sep 13, 2012

I must  redirect all connections from port 443 to 9443.
 
this is configered and running:            
 
serverfarm host FARM-002
  probe test-xml
  rserver svx-xmlfw-lb-01 9443
    backup-rserver svx-xmlfw-lb-02 9443
    inservice
  rserver svx-xmlfw-lb-02 9443

[code]....
     
I have in the moment following problem. All connections become redirectet to port 9443 but port 8080 shouldn`t be redirectet to port 9443. What can i change in my config to solve this problem?

View 6 Replies View Related

Servers :: Redirect Multiple Domain Names To Same IP / Different Port?

Aug 19, 2012

Redirecting a Domain to a IP:Port I host game servers for friends and strangers alike, but i'd like to make it easier for them all and give them dedicated IPs. Right now I include domain redirecting, but to connect to their server, they have to put in "example.com:xxxxx", x meaning their servers dedicated port. Is there any way that I can redirect a domain directly to "IP:Port"?

View 3 Replies View Related

Motorola SB6120 - Port 888 Redirect To Cable Modem?

Sep 18, 2011

I was working with Motorola SB6120 cable modem regarding an odd power cycle issue (it would power cycle randomly for 24 hours). While trying to diag the issue, I was taking a peak in his router config and found a port set to forward as:

Application: Comcast
Port From: 888
Protocol: Both
IP: 192.168.100.1
Port To: 80

I understand that his modem admin page is now available from the internet. He said his friend set this up to "modem", but I don't see any advantage of having this done. At this point what are the other advantages of forwarding such ports?Another key note: When the port forwarding was disabled, suddenly the power cycle issues stopped.

View 3 Replies View Related

Cisco Firewall :: VPN Between ASA5540 And Router

Sep 10, 2008

I had a working vpn configuration between a local and a remote router; the remote router is not under my administration.Now I moved the vpn termination from my side to an ASA5540 software version 8.0(3). The tunnel is up but there is no reachability. The "show crypto ipsec sa" on the ASA shows encapsulated packets but NO decapsulated packets! Routing and no_nat are properly configured.

View 28 Replies View Related

Cisco WAN :: 2600 - Redirect Web Traffic To External Proxy In Specific Port?

Jan 18, 2010

I want to redirect internal web traffic (browsing) to an external web server for Web, Virus and Spyware filtering. Those externals proxies are running in 8080 port. I have one ASA firewall and a Cisco 2600 router. I was thinking in doing PBR in the router but in the next hop I can only set one IP, not an IP and a port. So how can I redirect web traffic to an external proxy listening in 8080 port?

View 11 Replies View Related

Cisco Switching/Routing :: Policy Map Redirect Port 80 Switch 3750X

May 15, 2012

I would like to know if it possible to create a policy map in order to redirect the traffic ( 80 , http, 8080) to a proxy.
 
My current equipment its a 3750X using a IP Service License ,I was reviewing some options but i want to be sure before implement in production.

View 8 Replies View Related

Cisco Firewall :: K-value Mismatch With EIGRP On ASA5540

Mar 7, 2011

I have an ASA- 5585X (v.8.2.4) directly connected to an upstream 6509, which is running EIGRP. I configured the ASA for EIGRP with same AS# and network numbers and no auto-summary.   Here are the log messages I got:
 
Mar  8 15:11:08: %PIM-5-NBRCHG: neighbor 164.72.178.28 UP on interface Vlan150 (vrf default) Mar  8 15:11:08: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 164.72.178.28 on interface Vlan150 (vrf default)
Mar  8 15:11:11: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 164.72.178.28 (Vlan150) isup: new adjacencyMar  8 16:16:08: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 164.72.178.25 (Vlan150) isup: new adjacency
Mar  8 16:18:54: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 164.72.178.25 (Vlan150) is down: K-value mismatch
 
I lost my SSH connection to the upstream 6509 and couldn't get it back. Luckily I didn't lose my ASDM connection to the ASA, so I disabled EIGRP and went to look at the logs on the 6509.
 
What causes a K-value mismatch, and how to I rectify the situation?

View 1 Replies View Related

Cisco Firewall :: ASA5540 Configured With Standby IP

Aug 6, 2012

I have this 2x ASA5540 firewall and notice the it is configured with a standby ip. The firewall is run in Active/Passive mode.However, the standby ip of this firewall is not point to the secondary firewall and vice versa for the primary firewall. [code]

1) May i know how is this configuration valid in the first place? I have checked through the configuration. None of the configuration is related to this ip address.
 
2) Can we remove this standby ip address on both the firewall and correct to the correct primary and seconadary ip address in both firewall?
 
3) We tried to use this ip address but cannot be used ? Is it related to the configuration of the standby ip address.Do note that the ping to this ip address x.x.x.120 is unreachable.

View 1 Replies View Related

Cisco Firewall :: One ASA5540 With Two 3750 Connections

Jan 9, 2013

i have two CAT3750 need to place in L3, and it supposed that used as L3 switches by SVI for L2 routing, and I want to these two configured as redundancy by HSRP. but now I can only have one ASA5540 to connects these of L3 switches.
 
so, here is my questions:
 
1. does ASA5540 support multi vlan?

2. does it support spanning tree protocol?

3. if I've choiced to use trunking between two L3 switches, does it can pass through HSRP hello msg?

4. achive network redundancy

View 3 Replies View Related

Cisco Firewall :: Config Migration From ASA5540 To An ASA5545-X?

Jan 22, 2013

Customer has a ASA5540 at their main location and need a new ASA5500 for a DR site.
 
Can I simply take a config file from an ASA5540 and easily drop it on an ASA5545-X or what ever?
 
They are going to be using it as a VPN concentrator primarily.
 
Or are there going to be issues since the 5540 is running 8.4(5) and the 5545-X? Or if they upgrade to 9,0(1) or higher, then they should be the same?

View 2 Replies View Related

Cisco Firewall :: ASA5540 Memory Upgrade - 3Gig

May 10, 2011

I upgraded our ASA5540 to 8.4, THEN noted the increased requirements for Memory. I purchased the 2Gig upgrade, but when installing in the Primary unit today, noted that there were 4 slots. Slots 1/3 had 512Mb modules, so I installed the 2 x 1Gig modules in slots 2/4.
 
The ASA5540 came up clean, and it "sees" the entire 3Gig of memory.
 
My question: Is this a SUPPORTED configuration? All documentation I have read only mentions 2Gig of memory. Also, If I had FOUR x 1Gig memory modules, would the ASA5540 support the 4Gigs of memory?

View 1 Replies View Related

Cisco Firewall :: Fails To Download File Through ASA5540

Dec 12, 2011

We have ASA 5540 with 8.2 SW. We are trying to download a file (3 MB pdf)  from https session which fails if done behind the firewall. In case, the client bypasses firewall, the file gets downloaded as usuall. Interesting thing here to note is that when client is behind the firewall, its takes a long time to download the file and the file size always 312 Bytes, of course its a corrupt file.

View 3 Replies View Related

Cisco Firewall :: ASA5540 Management Interface IP Addressing?

May 9, 2011

How does one allow /31 mask for an management interface on an ASA5540 using version 8.3(1)?
 
I need to configure a 192.168.x.y /31 on the management 0/0 interface of a ASA5540 and it is providing me with the following error:ERROR: /31 mask is not allowed

View 1 Replies View Related

Cisco Security :: Can Add SSM-4GE Module In ASA5540-AIP40-K8 Firewall

Dec 11, 2011

I have requirement received from one of my customer. the part number given as ASA5540-AIP40-K8, same time requesting for addition of another 4Port GE Module (i believe its SSM-4GE Module). Is any option to add this module in to the above specified model (ASA5540-AIP40-K8).
 
As per my understanding the ASA5540 have the option to add 1 additional module only, so if we AIP-SSM module, we don't have any free slot left with to add another SSM-4GE Module in the firewall.
 
i am not getting even the option to add SSM-4GE in the ASA5540-AIP40-K8

View 1 Replies View Related

Cisco Firewall :: Interoperability ASA5540 Routing And Nat With The Same Zones?

May 18, 2011

I am migrating firewall fortinet to ASA5540 with inside (192.0.0.0/24), dmz (192.168.0.0/24), and outside (x.x.x.x), but the users of inside network gain access to the aplication for two ways: the first way is trough routing between inside and dmz, for example 192.0.0.200 to 192.168.0.20, and the another way is trough static nat between inside and dmz for example 192.0.0.200 to 192.0.0.20 (192.168.0.20 static nat). Is posible in Cisco configure that? because when i configure only firewall route the first way is OK, but when i add the second way only nat is work!

View 10 Replies View Related

Cisco Application :: Apply Policy Only On Specific Subnet / Port 443 Traffic Can Be Redirect And Rest

Feb 16, 2012

I am facing problem with ACE configuration. I want to redirect 443 traffic to my Proxy Server. But I am not able to do this. I want to redirect only subnet 192.168.80.0/24..Then only it is working but I dont have to have this policy to be applied on all the users only one subnet I want to have under HTTPS policy.
 
how can I apply the policy only on specific subnet so that port 443 traffic can be redirect and rest of all subnets can go direclty to Internet.

View 8 Replies View Related

Port Setting For HTTP 80 / HTTPS 443 And FTP 21?

Sep 12, 2011

how do I install Firefox if I cannot connect to the internet? Can I "save" it to a disc or flash drive from another computer.

View 7 Replies View Related

Cisco Firewall :: ASA5540 Can't Get DHCP Service From Outside To Inside Network

Jun 13, 2012

I have an inside network using PAT to one outside address. Our DNS server is on another local, but outside address.  I can't get the inside network to successfully get addresses.I have another inside address that just uses the wirewall and gets addresses just fine from the same server.I have the box checked in ASDN that enables DHCP on the inside interface and points to the correct DHCP server,PAT service is working properly if I use a hard coded address for a machine on the inside network.This is an ASA5540 with 8.3(2)

View 2 Replies View Related

Cisco Firewall :: How To Clear Input Errors In ASA5540 Interface

Feb 26, 2013

My Expertise with Cisco ASA is Very less. I have observed Input errors in a Couple of Interfaces in Cisco ASA 5540 Firewall.   [code] I need to Clear the Input errors on this particular Interface.Will Clear interface GigabitEthernet 0/0 will work?

View 4 Replies View Related

Cisco Firewall :: ASA5540 Dropping Packets On Large FTP Transfer

May 23, 2011

I am attempting to FTP to a remote site through a IPSEC tunnel.When I am transfering large files the ASA5540 is showing syslog errors stating "connection timeout".  What I think is happening is after about 1 hour the firewall is closing the connection control port for the FTP session and neither end is notified so eventually the transfer is stopped.What do I need to modify in the FW to accommodate these larger files?

View 1 Replies View Related

Cisco Firewall :: ASA5540 - No ICMP Reply From Inside Sub-interface

Apr 28, 2013

I need to monitor with ping the inside sub-interface of my ASA5540, is that possible? I get the ICMP requests but no replys going out from the box.
 
 I need to ping the 192.168.10.250 from the 192.168.5.55:
  
ASA Version 8.0(5) 
interface GigabitEthernet0/1
nameif inside

[Code].....

View 2 Replies View Related

Cisco Firewall :: IP Redirect With PIX 515?

Jan 3, 2012

I have a PIX 515 that i need to use as an ip redirector.For example if users try to access 80.80.80.80 ,they need to be redirected to 90.90.90.90 show ver, 
 
Hardware:   PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
  0: Ext: Ethernet0           : address is 000b.5fad.0c99, irq 10
1: Ext: Ethernet1           : address is 000b.5fad.0c9a, irq 11

[code]....
 
This platform has an Unrestricted (UR) license.

View 12 Replies View Related

Cisco Firewall :: ASA5540 - Disabling Anti-Replay For Specific Tunnel

Sep 23, 2012

We need Solution for disabling Anti-Replay on the Firewall for a specific tunnel. ASA 8.4(2) ) does not support disabling Anti-Replay on specific Ipsec tunnel , is it true , then if we want to disable Anti-replay , what we have  to do in ASA5540 .

View 4 Replies View Related

Cisco :: ASA5540 - Run Firewall To Display MTU Packet Size Being Received On Interface?

Jul 5, 2012

I have a ASA5540 firewall set-up with an interface MTU of 1500.  
 
I suspect that we are receiving packets with a larger MTU but have not found an easy way of confirming this.  Any command that can be run on the firewall to display the MTU packet size being received on an interface?
 
We are also running Solar Winds so could query an OID if such a variable exists.

View 1 Replies View Related

Cisco Firewall :: DNS Redirect On ASA5505?

Feb 29, 2012

I want to make it so if a user tries to use a different DNS server the request will be redirected to the one they should be using.I thought this might work but the ASA doesn't do PB routing
 
ip access-list extended transparent_dns
permit udp any any eq 53
route-map redirect_dns permit 10
match ip address transparent_dns
set ip next-hop ip.of.your.server
route-map redirect_dns permit 20

[code]....
 
The DNS server is windows 2003?Would policy based NAT or WCCP work for this? If so how would I go about it?

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Firewall To Filter HTTPS Websites?

May 28, 2012

I have a cisco asa 5505 firewall. Is it possible to block secure websites in it like [URL]? I have already tried regular expression filtering but it filters only http traffic.

View 4 Replies View Related

Cisco Firewall :: ASA5540 In Multiple-context SNMP / Icmp Doesn't Work

Jun 10, 2013

what´s going on with an asa540 configure in multiple-context mode.   I Have a cacti server on my lan and now I´m try to monitoring the interface with snmp. When I try to get this information returns the error message:
 
CISCOASA/CONTEXTA#
JUN 11 2013 01:52:00: %ASA-1-1-6021: Deny UDP reverse path check from 10.6.6.6 to IP_SRV_CACTI on interface inside
JUN 11 2013 01:52:01: %ASA-1-1-6021: Deny UDP reverve path check from 10.6.6.6 to IP_SRV_CACTI on interface inside
 
If I try to ping returns the same error:
 
CISCOASA/CONTEXTA#
 JUN 11 2013 01:56:09: %ASA-1-1-6021: Deny icmp  reverse path check from 10.6.6.6 to IP_SRV_CACTI on interface inside
   
Following attached the conf of my asa   My question is Why I can´t ping or even use snmp ?

View 5 Replies View Related

Cisco Firewall :: ASA5540-AIP20-K9 / Discover Actual Product Part Number

Nov 16, 2011

how can i discover product actual part number from the device through console.I have a bought a cisco  ASA5540-AIP20-K9 and i want to check either is the product is shipped us as a right product.And i want to check total BoM requriements from entering the ASA console through any CLI Command.Below My Cisco ASA BoM which i purchased.
 
ASA5540-AIP20-K9ASA 5540   Appliance w/ AIP-SSM-20, SW, HA, 4GE+1FE, 3DES/AES1CAB-ACUAC   Power Cord (UK), C13, BS 1363, 2.5m1SF-ASA-8.3-K8ASA   5500 Series Software v8.31SF-ASA-AIP-7.0-K9ASA   5500 Series AIP Sofware 7.0 for Security Service Modules1ASA-VPN-CLNT-K9Cisco   VPN Client Software (Windows, Solaris, Linux, Mac)1Included:   ASA5540-VPN-PRASA   5540 VPN Premium 5000 IPsec User License (7.0 Only)1Included:   ASA5500-ENCR-K9ASA   5500 Strong Encryption License (3DES/AES)1Included:   ASA-AIP-20-INC-K9ASA   5500 AIP Security Services Module-20 included w/ bundles1Included:   ASA-180W-PWR-ACASA   180W AC Power Supply1Included:   ASA-ANYCONN-CSD-K9ASA   5500 AnyConnect Client + Cisco Security Desktop Software1CON-SU1-AS4A20K9IPS   SVC, AR NBD ASA5540 w AIP-SSM-20,4GE + 1FE,3DES/AES1 

View 6 Replies View Related

Cisco Firewall :: Redirect Ip Address For Protocol With ASA 5500

Jan 5, 2012

On the inside interface and network, we have a server at, (as an example) 192.168.87.1, which acts as an email server.
 
The outside ip address of the ASA is, say, 200.0.0.1.
 
The ASA directs any imap requests from the outside interface to 192.168.87.1, which works fine from the outside. Users simply open up email, and collect emails etc.
  
When they come inside the office, their machine of course attempts to contact the ip address 200.0.0.1. the ASA knows it is outside interface, so they are unable to collect emails.
 
that any internal IMAP requests from machines on the inside to 200.0.0.1 are directed to the machine inside on 192.168.87.1?

View 5 Replies View Related

Cisco Firewall :: Redirect HTTP / Ftp Traffic (ASA 5510)

Apr 25, 2011

i have the following scenario :
  
ISP1-------ASA 5510----------ISP2
                    |
                    |
                    |
                  LAN
 
i would like to use ISP2 for all http/https/ftp traffic.how could I force my ASA to set a different gateway for http/https/ftp traffic ?i have tried several solutions such as nat/pat rules, nothing seems to work.

View 7 Replies View Related

Cisco Firewall :: ASA (8.4) / Redirect Outside IP Request To Inside Host

Mar 27, 2012

Wondering if on the ASA (8.4) its possible to do something like what DNS rewrite does, but with IP requests.  Scenario.  Mobile phone accesses a web app inside our network fine over cellular.  Once it comes inside on to wifi it still has the public IP address cached so the ASA doesn't allow its request to loop around and the app appears broken.  We're considering lowering the TTL on the DNS host entry but I think we are battling phones/mobile OS's that don't have a strict adherence to name resolution standards.  A lot just seem  to refresh their caches every 10-15 minutes.

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Reverse Or Outbound NAT Redirect?

Jan 24, 2012

I have the need to do an outbound NAT redirection.  So what I mean is this.  I have a custom program that uses SSH to port 22 from a server inside the ASA firewall.  This goes out to a server on the Internet over port 22.    The ISP of the SSH server told me that they changed their SSH port from 22 to 2102.  So instead of changing the custom code on the developed application on the server... I thought it would be easier to do a OUTBOUND NAT redirection for the ASA to see port 22 from the server and redirect it OUTBOUND to port 2102. 
 
so for example:

The server is at 192.168.0.2 and it uses a program to initiate SSH traffic to 205.246.1.1. The server sends to port 22 but I need it automatically changed on the firewall to port 2201 at 205.246.1.1. 
 
It is a Cisco ASA 5510.   The server at 192.168.0.2 does have a fixed IP address on the outside with INBOUND NAT for things like port 25 (mail) traffic etc.  Lets pretend that was at 64.18.23.60.

View 1 Replies View Related

ADVERTISEMENT