Solved

Hairpin on asa 9.1 - Guest wifi network access to 1 host only and ONLY for https

Posted on 2014-10-28
Last Modified: 2014-11-01
Hi

I have a guest wifi whose gateway is on its own dedicated interface on asa "guest wifi"
the guest vlan is isolated and does not have any access at all to internal LAN - only access it has is external http and https

I need to allow it to talk https to an "internal sharepoint server" 192.168.20.1
at the moment i have a NAT of https of 1 of our public addresses to internal sharepoint IP 192.168.20.1 (This is for public outside access to our sharepoint/internal)

This NAT fails of course for our "guest wifi" users as the traffic can't U-turn back inside.
I need to come up with a solution hairpin? I thought about TMG sharepoint rule in tmg - it does not appear to work (this may be as a result of the NAT in place on the asa however)

I really would like full command set on asa to achieve what I'm after please :) . So when guest wifi users go to https://sharepoint.domain.com they can get to it - and most important all of their other http and https traffic to "internet" generally will not be affected.
Question by:philb19
LVL 57

Accepted Solution

by:
Pete Long earned 2000 total points
ID: 40408747
Firstly how will the Wi-Fi users resolve the name sharepoint.domain.com?
0
 
LVL 1

Author Comment

by:philb19
ID: 40408826
hi glad for response - the DN is done external - my reading has led me to what looks like a nice feature on asa

DNS rewrite - I'm hopeful that i can turn this on to resolve (hoping it won't break the NAT for users on net accessing the internal sharepoint site??)

DNS rewrite will then DNS resolve to the NAT internal IP address of sharepoint

I presume i will then require some changes to access-lists to at least allow https from guest (restricted wifi) to the internal IP address of sharepoint
0
 
LVL 1

Author Comment

by:philb19
ID: 40408831
first sentence above should read:

hi glad for response - the DNS is done external - my reading has led me to what looks like a nice feature on asa
0
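
One way to configure what the comments above describe (DNS rewrite plus an access-list entry for HTTPS from the guest network to 192.168.20.1), as an added example that was not posted by anyone in this thread. Interface names, the guest subnet, the public address and the ACL names are assumptions.

```cisco
! Added example; every value marked ASSUMED is a placeholder, not from the thread.
! ASSUMED nameifs: inside, outside, guest. ASSUMED guest subnet: 192.168.50.0/24.
! ASSUMED public address: 203.0.113.10 (documentation range).
! ASSUMED ACL names: OUTSIDE-IN and GUEST-IN, already bound with access-group.

! 1. Static NAT for the SharePoint host with DNS rewrite.
!    The "dns" keyword cannot be combined with "service" (port forwarding),
!    so this is a one-to-one static; the outside ACL limits exposure to 443.
object network SHAREPOINT-INT
 host 192.168.20.1
 nat (inside,outside) static 203.0.113.10 dns

! ACLs reference the real (inside) address on ASA 8.3 and later.
access-list OUTSIDE-IN extended permit tcp any object SHAREPOINT-INT eq https

! 2. DNS rewrite only happens when DNS inspection is enabled (default policy shown).
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map

! 3. Allow guests to reach that one host on 443 only. Inserted at line 1 so it
!    is evaluated before the existing rule that blocks guest-to-internal traffic.
access-list GUEST-IN line 1 extended permit tcp 192.168.50.0 255.255.255.0 host 192.168.20.1 eq https

! 4. Verify: the first flow should be allowed, the second (port 80) dropped.
packet-tracer input guest tcp 192.168.50.10 50000 192.168.20.1 443
packet-tracer input guest tcp 192.168.50.10 50000 192.168.20.1 80
show access-list GUEST-IN
```

If the public address also carries other port forwards, a one-to-one static will conflict with them; DNS rewrite then needs a dedicated public address for this host.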
