Makes more sense to me to set up the zone. I can work with it and mimic it with a hosts file.
Routers and Firewall are managed by third parties.
I believe the problem with the rule in the ASA is not really the ASA's fault. I have 12 static addresses from AT&T I can play with. I set one of those addresses up as the board.imcu.com site.
I got an ssl cert for the board.imcu.com site.
I set up a server internally and added the cert to the IIS 6.0 site internally. I asked to have a rule set that any traffic destined for the ip x on the ASA for board.imcu.com be translated to the internal site.
I think that is clear and a default setup of any firewall and website.
Internally I forward all DNS requests to the root servers on the internet.
I only had DNS entries for AD.
This setup allowed only workstations outside of my domain to access the board.imcu.com site.
Internally I needed to https://10.0.x.x to get to the site.
If I https://board.imcu.com IE8 would sit for about 180 seconds and then say webpage can not be displayed.
I added a hosts record in my hosts file and it worked.
I have currently added a Primary Forward lookup zone of board.imcu.com with an A record of 10.0.x.x and a PTR record. If I drop the lookup zone and just add an A record to my AD, will it do the same thing?


--------------------------------------------------
From: "Ben Scott" <[email protected]>
Sent: Monday, November 16, 2009 3:04 PM
To: "NT System Admin Issues" <[email protected]>
Subject: Re: https and certs issues

On Mon, Nov 16, 2009 at 2:47 PM,  <[email protected]> wrote:
Some configurations don't support going out and back in.  ASAs don't.

 I'm not an ASA guy, but what about an explicit static
NAT/PAT/NPAT/rewrite/whatever-they-call-it rule, separate from the
regular public-to-private rule, so that when a packet hits the inside
interface destined for the public IP address and port, it rewrites
that packet for the private IP address?

 What about a rule on a router before it hits the ASA?

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~



