NAT and SSL certs in local browser

Unanswered Question
Mar 8th, 2010

Currently all our internal addresses translate to a single external ip addr. We want to break this up for certain segments to have different public addresses. When I test this for myself, I cannot reach the websites. This includes, verisign, secureworks, Ironport support portal. Bank is OK. When I remove the dynamic nat off the ASA, all is fine again. Web traffic, because it comes from non spoofed proxy address, should not have changed. The access logs don't show the site is ever accessed. I don't know for certain this is Ironport related but I do have HTTPS proxy enabled. 6.3.3. Let me know if anyone has seen similar. Thanks much. jc

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
john.cunningham Mon, 03/08/2010 - 08:20

Clarification, I cannot reach websites where I have a user certificate installed for access, expect Ironport support site.

khoanguy Wed, 03/10/2010 - 13:21

This question was answer in customer support, further troubleshooting might be needed on the network/fw side.


This Discussion