
Cisco ASA relay HTTP port to HTTPS without using CNAME DNS-record

Hi all,

Could anyone tell me, is it possible to configure the ASA so that when a customer relays http://domain.com, the Cisco ASA relays to https://domain.com (it's similar to the CNAME function of a domain record)?

P.S. The resource of domain.com is located behind the ASA, and the DNS A-record relies on the public ASA IP address.

Thank you.

1 ACCEPTED SOLUTION

VIP Green

The ASA can not do this redirect based on URL/FQDN.  You would need to find another way of doing it.

VIP Green

What version ASA are you running?

If the server has both static public and private IPs you could use NAT to redirect HTTP traffic to HTTPS based on IP.

object network PUBLIC_IP
  host 1.1.1.1

object network REAL_IP
  host 2.2.2.2
! real port https on the server is presented as http on PUBLIC_IP
  nat (inside,outside) static PUBLIC_IP service tcp https http

Keep in mind that you will also need a NAT statement that maintains https to the server.

New Member

Hello, Marius,

thank you for your reply. I understand that we should find another way of doing it.

From your example, does it follow that the server must work with the http protocol, and after the ASA it will already be the https protocol?

VIP Green

In my example above, any http traffic that is destined for public IP 1.1.1.1 will be translated to the private IP of 2.2.2.2 and the port will be translated to https.

http to 1.1.1.1 -->  https to 2.2.2.2

New Member

OK, but it is highly necessary to force the customer to use https up to the ASA, and it is not very critical whether we use https inside the network.

VIP Green

Then you need to find a different solution...you might want to look at solutions such as clientless SSL VPN, Citrix, or similar.

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
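One way to do the redirect outside the ASA, shown as an added example that is not code from this thread or from Cisco: a small HTTP listener on the server behind the firewall answers every plain-HTTP request with a 301 to the same path on https://. It assumes the ASA passes TCP 80 and 443 through to that server; the `ALLOWED_HOSTS` values and the `https_location` helper are assumptions, and the Host allowlist keeps a forged Host header from steering the redirect elsewhere.

```python
# Added example (not from the thread): plain-HTTP listener that redirects to HTTPS.
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: the names this site legitimately serves (placeholder from the question).
ALLOWED_HOSTS = {"domain.com", "www.domain.com"}


def https_location(host_header, path, allowed=ALLOWED_HOSTS):
    """Return the https:// URL to redirect to, or None if the Host is not ours."""
    if not host_header:
        return None
    # The Host header is client-controlled: normalise case and drop any :port.
    host = host_header.strip().lower().partition(":")[0]
    if host not in allowed:
        return None  # refuse instead of redirecting to a caller-chosen name
    # Accept only origin-form targets; an absolute-form target falls back to "/".
    if not path.startswith("/"):
        path = "/"
    return f"https://{host}{path}"


class RedirectHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        target = https_location(self.headers.get("Host"), self.path)
        if target is None:
            self.send_error(400, "Unknown host")
            return
        self.send_response(301)  # permanent redirect to the HTTPS origin
        self.send_header("Location", target)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_HEAD = do_GET


if __name__ == "__main__":
    # Binding to port 80 normally requires elevated privileges.
    HTTPServer(("0.0.0.0", 80), RedirectHandler).serve_forever()
```
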