Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Redirect denied traffic

Hi. Is it possible to redirect denied traffic in Cisco ASA?

For example if a user is trying to access an HTTP page which is denied to him by an access-list, then that user is redirected to another HTTP webpage.

The ultimate goal is to notify the user that the resource he is trying to access is actually denied by the access-list and not because of a network/service outage.

Is there any reasonable solution to this problem? thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

Redirect denied traffic

Hi,

I would imagine this would be the job of some other device other than the ASA.

If the ASA denies the traffic it then thats it.

Only thing silimiar I can think of right now would be to configure Cut Through Proxy which would ask the user for authentication when he attempts to connection to certain destination with certain port. You could also configure a message on teh ASA that would be printed to the user when the ASA shows the authentication page.

Here is one document

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080ba6110.shtml

There is plenty of documents online about this subject though.

- Jouni

3 REPLIES
Super Bronze

Redirect denied traffic

Hi,

I would imagine this would be the job of some other device other than the ASA.

If the ASA denies the traffic it then thats it.

Only thing silimiar I can think of right now would be to configure Cut Through Proxy which would ask the user for authentication when he attempts to connection to certain destination with certain port. You could also configure a message on teh ASA that would be printed to the user when the ASA shows the authentication page.

Here is one document

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080ba6110.shtml

There is plenty of documents online about this subject though.

- Jouni

New Member

Redirect denied traffic

I think the cut-through proxy will work good enough.

good job Jouni, thanks.

New Member

Redirect denied traffic

unfortunately it seems that the cut-through proxy cant be applied to Anyconnect VPN users.

here is the topic I started

https://supportforums.cisco.com/message/4150921#4150921

248
Views
0
Helpful
3
Replies
CreatePlease login to create content