NAT and SSL certs in local browser

Unanswered Question
Mar 8th, 2010
User Badges:

Currently all our internal addresses translate to a single external ip addr. We want to break this up for certain segments to have different public addresses. When I test this for myself, I cannot reach the websites. This includes, verisign, secureworks, Ironport support portal. Bank is OK. When I remove the dynamic nat off the ASA, all is fine again. Web traffic, because it comes from non spoofed proxy address, should not have changed. The access logs don't show the site is ever accessed. I don't know for certain this is Ironport related but I do have HTTPS proxy enabled. 6.3.3. Let me know if anyone has seen similar. Thanks much. jc

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
john.cunningham Mon, 03/08/2010 - 08:20
User Badges:

Clarification, I cannot reach websites where I have a user certificate installed for access, expect Ironport support site.

john.cunningham Mon, 03/08/2010 - 08:26
User Badges:

We use WCCP at core switch to route users to S360. HTTP and HTTPS in acl.

khoanguy Wed, 03/10/2010 - 13:21
User Badges:

This question was answer in customer support, further troubleshooting might be needed on the network/fw side.


This Discussion