Solved

Hairpin on asa 9.1 - Guest wifi network access to 1 host only and ONLY for https

Posted on 2014-10-28
3
271 Views
Last Modified: 2014-11-01
Hi

I have a guest wifi whos gateway is on its own dedicated interface on asa "guest wifi"
the gust vlan is isolated and does not have any access at all to internal LAN - only access it has is external http and https

I need to allow it to talk https to an "internal sharepoint server" 192.168.20.1"
at the moment i have a NAT of https of 1 of our  public address to internal sharepoint IP 192.168.20.1 (This is for public outside access to our sharepoint/internal)

This NAT fails of course for our "guest wifi" users as the traffic cant U tun back inside.
I need to come up with a solution hairpin? I thought about TMG sharepoint rule in tmg - it does not appear to work (this maybe as a result of the NAT in place on the asa however)

I really would like full command set on asa to achieve what im after please :) . So when guest wifi users go to https://sharepoint.domain.com  they can get to it - and most important all of their other http and https traffic to "internet" generally will not be effected.
0
Comment
Question by:philb19
  • 2
3 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 40408747
Firstly how will the Wi-Fi users resolve the name sharepoint.domain.com?
0
 

Author Comment

by:philb19
ID: 40408826
hi glad for resonse -  the DN is done external - my reading has led me to what looks like a nice feature on asa

DNS rewrite - Im hopeful that i can turn this on to resolve (hoping it wont break the NAT for users on net accesing the  internal sharepoint site??

DNS rewrite will then DNS resolve to the NAT internal IP address of sharepoint

I presume i will then require some changes ot access-lists to at least allow https from guest (resticted wifi) to the internal IP address of sharepoint
0
 

Author Comment

by:philb19
ID: 40408831
first sentance above should read:

hi glad for resonse -  the DNS is done external - my reading has led me to what looks like a nice feature on asa
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

There are times where you would like to have access to information that is only available from a different network. This network could be down the hall, or across country. If each of the network sites have access to the internet, you can create a ne…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now