0
Does anyone know how to bypass the Cisco ASA portal page (clientless SSL VPN), so I can access some internal machine directly from outside using a certain group policy? (or otherwise, be creative)
I'm asking because the internal machine uses HTTP/1.1 name-based vhosts that I wish to transparently access from the outside, yet use ASA's authentication mechanisms before getting there.
Marki
Posted 2011-08-31T14:42:06.140
Reputation: 572
Can you not forward port 80 to the machine in question? You should then be able to port forward 8080 to the cisco LAN port 80 so that you can still access the interface. – MaQleod – 2011-08-31T15:51:53.997
Well, we use a certificate-based connection via HTTPS to the ASA from outside. I guess one solution would be to use one of the unused external IPs and NAT them to the inside machine, but then the authentication would have to happen on that machine too, which I don't like. (another user account list to manage etc.) – Marki – 2011-08-31T16:04:43.957
The fact is that the so-called homepage is a URL, not just an IP so it does not just forward requests. We have now set up a separate DNS for the DMZ and access the machines directly via portal bookmarks. – Marki – 2011-09-06T08:38:42.093