inspect http

Hello!

I am confused: ASA with inspect or without inspect?

A simple schema

               100           0
    http client------ASA--------http server
             inside         out

               100           0
    http server------ASA-------http client
             inside         out

What should I add to the first and second circuits to allow the client access to the server? Please explain why.

Thank you very much!


Re: inspect http

When you enable the "inspect http" command on the ASA, it protects against specific attacks and other threats that may be associated with HTTP traffic. HTTP inspection performs enhanced HTTP inspection.

You must apply ACLs to an interface to allow the passing of traffic on an interface. You can apply one ACL of each type (extended and EtherType) to both directions of the interface. For connectionless protocols, you need to apply the ACL to the source and destination interfaces if you want traffic to pass in both directions. For example, you can allow BGP in an ACL in transparent mode, but you need to apply the ACL to both interfaces.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094ea2.shtml

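The two circuits from the question as an ASA configuration sketch. This is an added example, not part of the original posts. The interface names, the addresses (documentation ranges), the server address 198.51.100.10 and the ACL name OUTSIDE_IN are constructed, and it assumes no NAT between inside and outside, so the ACL matches the server's real address.

```cisco
! Added example. Interfaces, addresses and the ACL name are constructed.
! Assumption: no NAT is configured between inside and outside.
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 198.51.100.1 255.255.255.0
!
! Circuit 1: client on inside (100), server on outside (0).
! Traffic from a higher to a lower security level is allowed by default,
! and TCP return traffic is matched against the connection table. No ACL
! is needed, provided no ACL is applied inbound on the inside interface
! (once one is applied, its implicit deny replaces the default permit).
!
! Circuit 2: server on inside (100), client on outside (0).
! Connections from a lower to a higher security level are dropped unless
! an ACL applied inbound on the outside interface permits them. Permit
! only TCP/80 to the one server rather than a broad "permit ip any any".
access-list OUTSIDE_IN extended permit tcp any host 198.51.100.10 eq www
access-group OUTSIDE_IN in interface outside
!
! "inspect http" is not what lets HTTP through in either circuit. It adds
! application-layer checks to HTTP flows the rules above already allow.
policy-map global_policy
 class inspection_default
  inspect http
!
service-policy global_policy global
```

`show access-list OUTSIDE_IN` shows hit counts for the permit entry, and `show service-policy inspect http` shows whether HTTP inspection is seeing the traffic.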