inspect http

Unanswered Question
Mar 23rd, 2009

Hello!

I am confused: ASA with inspect or without inspect?


A simple schema

             100      0
http client------ASA--------http server
           inside    out

             100      0
http server------ASA-------http client
           inside    out


What should I add to the first and second circuits to allow the client access to the server? Please explain why.


Thank you very much!

smalkeric Fri, 03/27/2009 - 08:38

When you enable the "inspect http" command on the ASA, it protects against specific attacks and other threats that may be associated with HTTP traffic. HTTP inspection performs enhanced HTTP inspection.


You must apply ACLs to an interface to allow the passing of traffic on an interface. You can apply one ACL of each type (extended and EtherType) to both directions of the interface. For connectionless protocols, you need to apply the ACL to the source and destination interfaces if you want traffic to pass in both directions. For example, you can allow BGP in an ACL in transparent mode, but you need to apply the ACL to both interfaces.


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094ea2.shtml
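An added configuration example for the two schemas in the question, not part of the original posts or of Cisco's linked document. It assumes routed mode with no NAT configured and nat-control disabled; the addresses, the physical interface names and the names OUTSIDE_IN and HTTP_STRICT are constructed for illustration.

```cisco
! Constructed example: nameif values match the post; addresses are
! documentation/private ranges and all object names are hypothetical.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
! Schema 1 (client inside, server outside): with no ACL applied to the
! inside interface, connections from security level 100 to level 0 are
! permitted implicitly and return traffic is matched statefully.
!
! Schema 2 (server inside at 10.0.0.10, client outside): connections
! from level 0 to level 100 are denied until an ACL applied inbound on
! the outside interface permits them. Permit only TCP/80 to that host.
access-list OUTSIDE_IN extended permit tcp any host 10.0.0.10 eq www
access-group OUTSIDE_IN in interface outside
!
! "inspect http" does not open the path in either schema; it adds
! protocol checks to HTTP flows that the rules above already allow.
! This inspection map drops connections that violate the HTTP protocol.
policy-map type inspect http HTTP_STRICT
 parameters
  protocol-violation action drop-connection log
!
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect http HTTP_STRICT
!
service-policy global_policy global
```

`show access-list OUTSIDE_IN` shows hit counts on the permit entry, and `show service-policy inspect http` shows whether HTTP flows are being inspected and dropped.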
