?
Solved

Hairpin on asa 9.1 - Guest wifi network access to 1 host only and ONLY for https

Posted on 2014-10-28
3
Medium Priority
?
311 Views
Last Modified: 2014-11-01
Hi

I have a guest wifi whos gateway is on its own dedicated interface on asa "guest wifi"
the gust vlan is isolated and does not have any access at all to internal LAN - only access it has is external http and https

I need to allow it to talk https to an "internal sharepoint server" 192.168.20.1"
at the moment i have a NAT of https of 1 of our  public address to internal sharepoint IP 192.168.20.1 (This is for public outside access to our sharepoint/internal)

This NAT fails of course for our "guest wifi" users as the traffic cant U tun back inside.
I need to come up with a solution hairpin? I thought about TMG sharepoint rule in tmg - it does not appear to work (this maybe as a result of the NAT in place on the asa however)

I really would like full command set on asa to achieve what im after please :) . So when guest wifi users go to https://sharepoint.domain.com  they can get to it - and most important all of their other http and https traffic to "internet" generally will not be effected.
0
Comment
Question by:philb19
  • 2
3 Comments
 
LVL 58

Accepted Solution

by:
Pete Long earned 2000 total points
ID: 40408747
Firstly how will the Wi-Fi users resolve the name sharepoint.domain.com?
0
 
LVL 1

Author Comment

by:philb19
ID: 40408826
hi glad for resonse -  the DN is done external - my reading has led me to what looks like a nice feature on asa

DNS rewrite - Im hopeful that i can turn this on to resolve (hoping it wont break the NAT for users on net accesing the  internal sharepoint site??

DNS rewrite will then DNS resolve to the NAT internal IP address of sharepoint

I presume i will then require some changes ot access-lists to at least allow https from guest (resticted wifi) to the internal IP address of sharepoint
0
 
LVL 1

Author Comment

by:philb19
ID: 40408831
first sentance above should read:

hi glad for resonse -  the DNS is done external - my reading has led me to what looks like a nice feature on asa
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Suggested Courses

616 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question