Solved

Hairpin on asa 9.1 - Guest wifi network access to 1 host only and ONLY for https

Posted on 2014-10-28
3
289 Views
Last Modified: 2014-11-01
Hi

I have a guest wifi whos gateway is on its own dedicated interface on asa "guest wifi"
the gust vlan is isolated and does not have any access at all to internal LAN - only access it has is external http and https

I need to allow it to talk https to an "internal sharepoint server" 192.168.20.1"
at the moment i have a NAT of https of 1 of our  public address to internal sharepoint IP 192.168.20.1 (This is for public outside access to our sharepoint/internal)

This NAT fails of course for our "guest wifi" users as the traffic cant U tun back inside.
I need to come up with a solution hairpin? I thought about TMG sharepoint rule in tmg - it does not appear to work (this maybe as a result of the NAT in place on the asa however)

I really would like full command set on asa to achieve what im after please :) . So when guest wifi users go to https://sharepoint.domain.com  they can get to it - and most important all of their other http and https traffic to "internet" generally will not be effected.
0
Comment
Question by:philb19
  • 2
3 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 40408747
Firstly how will the Wi-Fi users resolve the name sharepoint.domain.com?
0
 

Author Comment

by:philb19
ID: 40408826
hi glad for resonse -  the DN is done external - my reading has led me to what looks like a nice feature on asa

DNS rewrite - Im hopeful that i can turn this on to resolve (hoping it wont break the NAT for users on net accesing the  internal sharepoint site??

DNS rewrite will then DNS resolve to the NAT internal IP address of sharepoint

I presume i will then require some changes ot access-lists to at least allow https from guest (resticted wifi) to the internal IP address of sharepoint
0
 

Author Comment

by:philb19
ID: 40408831
first sentance above should read:

hi glad for resonse -  the DNS is done external - my reading has led me to what looks like a nice feature on asa
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question