cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
362
Views
0
Helpful
1
Replies

inspect http

ToX1c1986
Level 1
Level 1

Hello!

I am confused, ASA with inspect or without inspect.

A simple schema

100 0

http client------ASA--------http server

inside out

100 0

http server------ASA-------http client

inside out

What should I add to the first and second circuits to allow the client access to server and please explain why?

Thank you very much!

1 Reply 1

smalkeric
Level 6
Level 6

When you enable "inspect http" command in ASA it protects against specific attacks and other threats that may be associated with HTTP traffic. HTTP inspection performs enhanced HTTP inspection.

You must apply ACLs to an interface to allow the passing of traffic on an interface. You can apply one ACL of each type (extended and EtherType) to both directions of the interface. For connectionless protocols, you need to apply the ACL to the source and destination interfaces if you want traffic to pass in both directions. For example, you can allow BGP in an ACL in transparent mode, but you need to apply the ACL to both interfaces.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094ea2.shtml

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: