Cisco Support Community
New Member

Trying to prevent Firewall from responding to Https requests

Current Setup

- 2 x ASA 5505 firewalls, running 9.0.4; ASDM 7.1; in active/standby mode

- Using AnyConnect v3.0.3054

  - VPN uses IPSec only; SSL Access is Disabled.

  - AnyConnect manually installed on Laptops.

  - Web Portal Shutdown and browser shows not found

  - Clientless SSL VPN Disabled.

Here is my problem: (This problem is causing my external PCI scan to fail; it is failing because the HTTPS site is using SSL 3.0 or TLS 1.0)

1. From an External PC, I open any browser and go to my firewall's IP address (i.e. https://8.8.8.8)

2. The browser gives a warning about an untrusted certificate.

3. If I click continue, then the browser tries to go to the Web portal login but then shows the "Page cannot be displayed" page.

What I am trying to do is stop the firewall from responding to HTTPS requests to the Firewall's WAN IP address; if I do step 1 of my problem, I want the browser to time out due to no response from the firewall.

After reading the admin manuals and researching this problem, I have hit a wall.

Thanks        


Accepted Solutions
Hall of Fame Super Silver

Re: Trying to prevent Firewall from responding to Https requests

An IPSec (IKEv2) remote access VPN requires use of SSL for the initial session establishment. AFAIK there's no avoiding that. You should explain to your auditor that this is required and that the lack of other services on that interface is a compensating control for the use of SSL.

Sent from Cisco Technical Support iPad App

2 REPLIES
New Member

Re: Trying to prevent Firewall from responding to Https requests

Thanks for the info, I purchased an SSL Certificate and all is well.
