Websites - HTTP/HTTPS/FTPS, no DMZ

Hello everyone,
I'm having some trouble and need your assistance.
We have thirty-five HTTP/HTTPS/FTPS web sites to set up in the ASA 5520 ASDM firewall. We need to know if it's possible to have them all set up without using a DMZ; we have two or three subnets with HTTP/HTTPS/FTPS servers. We get the first website set up on the ASA ASDM GUI working great; when we begin to add multiple sites is when all stop working, even the original first site stops working.
I have all networks talking to each other as inside to inside, or all using the same security-level 100; a requirement we have is that all internal networks allow traffic between networks. We would like to allow outside users/customers to have access to our HTTP/HTTPS/FTPS websites without having to set up two or more DMZs.
What I'm using to set up each website as a template:
object network SMS-WebServer-HTTP
! inside IP address
 host 10.10.2.10
! outside address
 nat (VLAN102,outside) static 98.101.206.252 service tcp 80 80
object network SMS-WebServer-HTTPS
! inside IP address
 host 10.10.2.10
! outside address
 nat (VLAN102,outside) static 98.101.206.252 service tcp 443 443
access-list OutsideToVLAN102 permit tcp any host 10.10.2.10 eq 80
access-list OutsideToVLAN102 permit tcp any host 10.10.2.10 eq 443
I'm not sure what's required to get all HTTP/HTTPS/FTPS sites working through the firewall without using the DMZ and using the ASDM for setup.
Thank you all

Hi,
Will need some clarification on what you are actually wanting/attempting to do and what the current situation with regards to the network is.
First thing that I want to ask is what do you mean setting up the servers without a DMZ? Do you mean that you want to use your existing internal networks address space when configuring the servers and then simply configure NAT for the servers on the firewall INSTEAD OF configuring a separate Subnet/Vlan on the firewall where all the servers would be hosted?
I guess technically there is nothing stopping you from setting up the servers in whatever subnet/Vlan you have already on your network. Usually though servers that are used to host resources to external users through the public network are positioned on a DMZ network which permits little to no connectivity from the servers towards the LAN networks.
I would also be interested in exactly what commands are entered to the ASA when the connectivity to the servers stops working. I would imagine that there is some error in the configurations if they affect already working setups. You might also be overwriting the working configuration depending on what you are actually inserting to the ASA. You should be able to get the CLI format configurations even if you were using only ASDM if you go to Tools -> Preferences -> choose the preview of commands.
I would also like to ask you what your situation with regards to available public IP addresses is? Are you able to dedicate each server a public IP address (though there seems to be many)? Especially in the cases of web servers you might run into a problem if you don't have a public IP address for each server, since you cannot forward the same port for the same public IP address to multiple internal hosts. So when you have used the HTTP and HTTPS ports for the public IP address you mention, then you will already require another public IP address to forward the same ports to another server. Or you will have to use different public facing ports, which is not very convenient for the actual web users if he/she has to use a port number in the URL.
I guess there are ways to host multiple sites on a single server which means you would not need so many public IP address and special NAT configurations on the firewall but that is a thing I am not equipped to give advice to anyone :)
So in short, we would need to know:
How many public IP addresses do you have available to use for these servers or are you going to host multiple sites on fewer number of servers?
Are you going to have the server running on actual LAN subnets or would you be willing to at least create a single DMZ to host the servers?
What are the commands that you have entered that prevents the existing configurations from working? Is there any IP overlap in the configurations and does the ASA give any error messages?
- Jouni
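
A way to check a template-generated rule set for the two problems raised in the reply above (the same public IP and port forwarded to more than one internal host, and mismatches between NAT and ACL entries), as an added example that is not part of the thread. It assumes ASA 8.3+ object NAT as in the question's template; `SECOND-WebServer-HTTP`, `VLAN103` and `10.10.3.20` are hypothetical values added to show a collision.

```python
import re
from collections import defaultdict

# Constructed sample. The first two objects and ACL lines follow the question's
# template; SECOND-WebServer-HTTP, VLAN103 and 10.10.3.20 are hypothetical.
SAMPLE_CONFIG = """\
object network SMS-WebServer-HTTP
 host 10.10.2.10
 nat (VLAN102,outside) static 98.101.206.252 service tcp 80 80
object network SMS-WebServer-HTTPS
 host 10.10.2.10
 nat (VLAN102,outside) static 98.101.206.252 service tcp 443 443
object network SECOND-WebServer-HTTP
 host 10.10.3.20
 nat (VLAN103,outside) static 98.101.206.252 service tcp 80 80
access-list OutsideToVLAN102 permit tcp any host 10.10.2.10 eq 80
access-list OutsideToVLAN102 permit tcp any host 10.10.2.10 eq 443
access-list OutsideToVLAN102 permit tcp any host 10.10.3.20 eq 8080
"""

PORT_NAMES = {"www": 80, "https": 443, "ftp": 21}  # ASA keywords for common ports
OBJ_RE = re.compile(r"^object network (\S+)")
HOST_RE = re.compile(r"^\s+host (\S+)")
NAT_RE = re.compile(r"^\s+nat \(\S+,\S+\) static (\S+) service (tcp|udp) (\S+) (\S+)")
ACL_RE = re.compile(r"^access-list \S+ (?:extended )?permit (tcp|udp) any host (\S+) eq (\S+)")


def port(token):
    return PORT_NAMES.get(token) or int(token)


def parse(config):
    """Return (forwards, permits). Hosts are resolved after the scan because a
    running-config may list an object's host and nat lines in separate stanzas."""
    hosts, nats, permits, current = {}, [], set(), None
    for line in config.splitlines():
        if m := OBJ_RE.match(line):
            current = m.group(1)
        elif current and (m := HOST_RE.match(line)):
            hosts[current] = m.group(1)
        elif current and (m := NAT_RE.match(line)):
            mapped_ip, proto, real_port, mapped_port = m.groups()
            nats.append((current, proto, port(real_port), mapped_ip, port(mapped_port)))
        elif not line.startswith(" "):
            current = None
            if m := ACL_RE.match(line):
                permits.add((m.group(2), m.group(1), port(m.group(3))))
    forwards = [{"object": o, "real": (hosts[o], p, rp), "public": (mip, p, mp)}
                for o, p, rp, mip, mp in nats if o in hosts]
    return forwards, permits


def collisions(forwards):
    """Public (ip, proto, port) tuples claimed by more than one internal host."""
    claims = defaultdict(set)
    for f in forwards:
        claims[f["public"]].add(f["real"][0])
    return {pub: sorted(ips) for pub, ips in claims.items() if len(ips) > 1}


def acl_mismatches(forwards, permits):
    """Objects whose real IP/port has no permit, and permits matching no forward."""
    reals = {f["real"] for f in forwards}
    unpermitted = sorted(f["object"] for f in forwards if f["real"] not in permits)
    return unpermitted, sorted(permits - reals)
```

Running `parse` over the CLI preview that ASDM shows before applying changes lets each new site be checked against the existing ones before it is sent to the firewall.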

Similar Messages

  • How do I disable the "Security Warning" - encrypted script message when I log in to a website using https ? If I cannot get the website owner to change its code

    dupe of https://support.mozilla.org/en-US/questions/1027400 - locking
    Whenever I log onto a website via https, I get this message and am unable to have Firefox save my password for the website.
    Another user asked this question and it was answered, however, the user was asking in the context of his own website where he was able to change the code.
    I am unable to change the code for this website but would like to disable this message and have Firefox remember my password for the user id I type in.
    Whenever I log onto a website via https (including my website), I get this message:
    Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information? This is followed below with two boxes, "continue" and "cancel".
    In order to connect with the website, I must click on "continue" each time I log onto the website. HOW do I permanently DISABLE this message?
    Chosen solution
    Firefox gives that error because the page is on HTTPS but your form action is HTTP:
    <form action="http://eclipse69forum.com/index.php?app=core&module=global&section=login&do=process" method="post" id="login">
    Can you change that to HTTPS?

    There is a disconnect here: if the form is being submitted securely, then you would not get that message. So although you may be looking at an HTTPS address in the address bar, Firefox is warning you that your username and password are going to an HTTP address and being transmitted in the clear rather than being protected.
    That's definitely not the normal way to set up a login page. Do you want to give the URL of the problem login page to get specific comments? Without knowing more, it sounds as though it isn't designed for secure logins and you may be wasting your time accessing their login form using HTTPS.
    Anyway, to answer your question, I don't think there is a way to disable that warning.

  • Http and ftp protocol extremely slow (pop working well though)

    Hello. Starting today, on one of my macs, http and ftp protocol are extremely slow (page load 90 sec. instead of 2) (pop working well though). Provider finds nothing, on second mac all is fine (same cable, same settings … ). Cable connection, checked both sockets, changed cable, no change. Since pop3 protocol seems to work fine, this does look like a software problem to me. (Repaired permissions, no other tests or means. All used software up to date (OSX10.6.8 etc.))
    I'd be thankful for any idea.

    Not at all. Then I turned on NetBarrier, for testing and to avoid any damage (piece of software I don't employ in vain), and all slowed down again, but not quite as badly as before. Restarted, and now it seems back to normal with all extensions loaded. (I had done that before, obviously, and with no outcome, so it can't very well have been just that. But what?)
    I'll watch and learn, and report back; unless you have any further suggestions for the moment. Either way, thank you very much so far.

  • Retrieving files over http or ftp.

    I was wondering what program I should use to retrieve files over http or ftp. Previously I had used wget per my hosting provider's recommendation. It worked when I was ssh logged in to his server (via Mac Terminal). However, when I try using wget on my local Mac it says "command not found".

    Thanks. So if I specify a file name (-o /path/to/file), does the incoming file get renamed to that (and put in that location) or does this specify the directory (-o /path/to/directory) that the incoming file will go to? I wasn't quite clear on that.
    Also, I keep hearing about stdout. What is it exactly? I assumed it was just the Terminal window itself, the alternative being things like | more or | nano or something like that... Or am I totally up the wrong tree?

  • All website went "HTTP Error 404. The requested resource is not found."

    dupe of https://support.mozilla.org/en-US/questions/928117
    All websites went "HTTP Error 404. The requested resource is not found."
    This only happens in Firefox (I'm using IE to post this question).

    A possible cause is security software (firewall, anti-virus) that blocks or restricts Firefox or the plugin-container process without informing you, possibly after detecting changes (update) to the Firefox program.
    Remove all rules for Firefox and the plugin-container from the permissions list in the firewall and let your firewall ask again for permission to get full unrestricted access to internet for Firefox and the plugin-container process and the updater process.
    See:
    * https://support.mozilla.org/kb/Server+not+found
    * https://support.mozilla.org/kb/Firewalls
    * http://kb.mozillazine.org/Error_loading_websites
    You can try to reset (power off/on) the router.

  • Diff between HTTP and FTP protocols

    Hi
    Could you please tell the difference between HTTP & FTP protocols?
    With Regards
    venkat.

    Google for "HTTP vs FTP".
    You will get plenty of articles.

  • How do I default whole website to HTTPS?

    Hi all,
    How do I default whole website to HTTPS rather than HTTP?
    I imagine there is a setting to do in the .htaccess file - not sure what it is...
    === for a test - I tried this INSIDE just the folder to test called 'htest' - but did not work
    .htaccess.......
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} htest
    RewriteRule ^(.*)$ https://www.mysite.com/htest/$1 [R,L]

    Thanks Rob - that worked great!
    ALSO - what if I didn't use the one you sent but wanted to just put on 1 folder????
    How about for JUST 1 folder?
    - I tried this INSIDE just the folder to test called 'htest' - but did not work
    .htaccess.......
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} htest
    RewriteRule ^(.*)$ https://www.mysite.com/htest/$1 [R,L]

  • INDD files on Http or FTP

    We have a NAS storage device that hosts files using http protocol.
    When we upload .indd files to the server, and try to download them using http or ftp protocols, the browser freaks out and doesn't know what to do with them.
    Is this a known issue?  Should we be zipping them up and uploading them?
    Any help is appreciated.

    Never mind, Http is the problem, not FTP.

  • How to retrieve the protocol (http / https) from WDJ application URL

    Hi All,
    In my WDJ component, I need to get the ServerName, Port and the protocol (http / https) from the WDJ application URL. I am able to get the server name and the port but unable to get the protocol. Any help would be highly appreciated.
    Code I am using is :
    String ServerName = WDProtocolAdapter.getProtocolAdapter().getRequestObject().getServerName();
    String port = WDProtocolAdapter.getProtocolAdapter().getRequestObject().getServerPort();
    Regards,
    Srinivas Sistu

    Hello,
    The interface ServletRequest has the following methods:
    getProtocol:  Returns the name and version of the protocol the request uses in the form protocol/majorVersion.minorVersion, for example, HTTP/1.1.
    getScheme: Returns the name of the scheme used to make this request, for example, http, https, or ftp. Different schemes have different rules for constructing URLs, as noted in RFC 1738.
    IWDRequest request = WDProtocolAdapter.getProtocolAdapter().getRequestObject();
    HttpServletRequest httpRequest = (HttpServletRequest) WDProtocolAdapter
           .getProtocolAdapter().getRequestObject().getProtocolRequest();
    String protocol = httpRequest.getScheme();
    String url = protocol + "://" + request.getServerName() + ":" + request.getServerPort();
    msgManager.reportSuccess(url);
    Regards,
    Jann Cortés

  • Weblogic 10.3: web service client enable HTTP/HTTPS connection reuse?

    Hi all,
    I am writing a client app to call a web service, through a client proxy generated by jdeveloper/weblogic.
    My question is:
    for the weblogic web service client proxy, is it possible to enable HTTP/HTTPS connection reuse/pooling?
    I see there are many connections created when calling the web service (by command netstat)?
    thank you.
    lsp

    anybody can help?
    thanks

  • Mixed HTTP/HTTPS in one Struts-Application?

    Hello!
    I need to mix SSL (HTTPS) connections for login and a few admin pages and "normal" HTTP connections for most of my pages in my Struts-based web application.
    How can I handle this issue?
    Where can I get a detailed description of configuring OC4J or Tomcat and Struts?
    regards
    Harald.

    Hello Frank!
    I tested sslstruts-example on standalone - tomcat and standalone - oc4j with ssl and it worked using http- and https-port defined in tomcat or oc4j.
    My problem is, that my environment is a tomcat with apache webserver (mod_jk) or ias (apache with oc4j mod_oc4j).
    What port numbers do you use in struts-config.xml in this scenario (HTTP/HTTPS port from Apache Webserver)?
    regards
    Harald.

  • Executing ABAP Report- No memory for processing HTTP, HTTPS or SMTP query

    Hello experts,
    I am getting same error while running ABAP Report- /OSP/TRIGGER_LEAVE_SCHEDULER
    Error-
    No memory for processing HTTP, HTTPS or SMTP query .
    Please help.
    Regards,
    Shashank

    Hello
    This should solve it
    1562539 - No memory for processing HTTP, HTTPS, or SMTP queries.
    Thanks
    Alagappan

  • Unable to connect to the Exchange server using HTTP/HTTPS protocol.

    hi,
    i try to connect microsoft exchange server, but it give me
    error
    Unable to connect to the Exchange server using HTTP/HTTPS
    protocol.
    my code is pasted below............
    <!--- connection parameters --->
    <cfparam name="user1" default="uHRH">
    <cfparam name="user2" default="uHRH">
    <cfparam name="password" default="uHRH">
    <cfparam name="exchangeServerIP" default="192.168.0.1">
    <cftry>
    <!--- Open a connection to the exchange server by
    specifying the required user credentials --->
    <cfexchangeConnection
    action="open"
    username ="#user1#"
    password="#password#"
    server="#exchangeServerIP#"
    <!--- protocol = "http"--->
    connection="conn1">
    <cfoutput>Connection to exchange server
    "#exchangeServerIP#" established</cfoutput>
    <!--- Close connection to exchange server --->
    <CFExchangeConnection
    action="close"
    connection="conn1">
    <cfoutput>Connection to exchange server
    "#exchangeServerIP#" terminated</cfoutput>
    <!--- Error Information --->
    <cfcatch type="any">
    <cfoutput>#cfcatch.message#</cfoutput>
    </cfcatch>
    </cftry>
    if any one know how to solve this error?

    Hi,
    The "<cfexchangeConnection>" tag supports both "HTTP"
    and "HTTPS" connection.. So Please make sure the username has the
    "Outlook Web Access".
    Also try removing the <!--- protocol = "http"--->
    comment which you placed inside the "<cfexchangeConnection>"
    tag.

  • Load balancing Http/https requests of SRM

    Hi all,
    we are on SRM 5.0 with CI and one DI , we don't have any web dispatcher for routing http/https requests.
    Currently CI is flooded with all requests and DI is sitting idle, no routing is going on... and users are experiencing time out exceptions...
    we  have configured SMLG  and services in SICF have group assigned...
    we have BI portal where users log in and  access all SRM web applications like shopping cart, invoice....
    Please suggest how to handle the load balancing of http/https requests with message server...
    Thanks,
    Subhash.G

    Thanks

  • How the balance works for http/https in CSS?

    I want to understand how the balance works for http/https in the CSS.
    As per doc,
    - http/1.0=single URL per TCP connection
    - http/1.1=persistent connection.
    Q1. my understanding is http is stateless connection so needs TCP session for each URL. how the http/1.1 works with persistent. keep the same TCP session for a multiple URL request?
    Q2. https is using single URL and continue processing until terminate the https instead of open another URL in the middle of transaction. in this case, I think the client can stick into same service based on the assumption the CSS support persistent. if then, no advanced sticky(ex, srcip) required?
    Q3. looks below both are analogy. what's difference between them?
    - balance srcip(same src IP to the same service)
    - advanced-balance sticky-srcip
    Q4. what's balance decision mechanism for "balance roundrobin" to distribute evenly? ex, in case of multiple URL request coming from same client. evenly distribute URLs?
    Regards,

    Hello,
    first let me clarify 1 point.
    HTTP/HTTPS are standards that are defined in RFC.
    For HTTP/1.1 you can check the following RFC
    http://www.faqs.org/rfcs/rfc2616.html
    Therefore, the behavior of HTTP 1.1 is not defined by the CSS.
    Q1- HTTP/1.1 simply keeps 1 TCP connection to send and receive multiple HTTP requests/responses.
    HTTP/1.0 will open 1 TCP connection for every HTTP request.
    Q2- HTTPS is just HTTP over SSL.
    So basically the same rule as above applies.
    HTTP/1.1 can use 1 SSL connection for many HTTP requests/responses while HTTP/1.0 will use 1 SSL connection for each HTTP request.
    Therefore, if you have customers using HTTP/1.0 you need some form of stickiness to guarantee that every connection will go to the same server.
    Even if only using HTTP/1.1 you may need stickiness.
    A user could disconnect and reconnect and require to be loadbalanced to the same server as before.
    Q3- There is a big difference between balance srcip and sticky-srcip.
    The balance srcip simply hashes the source IP address to find the destination server.
    The problem of this method is that the loadbalancing is not guaranteed to be evenly distributed between the servers.
    With sticky-srcip, you use a normal balance method like round-robin, and then you create a sticky entry in a sticky table.
    Next time this user comes back we first check the sticky entry to find the destination server.
    The advantage is that it guarantees your users will be evenly distributed among the servers.
    Q4- roundrobin is applied to connection - not url [by default].
    So if you have 2 users and they both open 1 connection, the CSS will send 1 connection to 2 different servers.
    So each server has 1 connection.
    If one user sends 10 URLs and the other one sends only 1, one server will have 10 URLs to process while the other only one.
    That's if you are using HTTP/1.1 and use persistent mode on the CSS.
    You can break persistency and split the url.
    I ran out of space and time to explain everything to you.
    I suggest you go read the RFC or a book on HTTP.
    Also read the CSS configuration guide.
    There is much more you need to know if you want to take full advantage of the CSS like cookie, ssl offloading, L7 rules vs L3/4 rules, ...
    Regards,
    Gilles.
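
The difference between `balance srcip` and `sticky-srcip` from Q3 of the answer above, and the per-connection round-robin from Q4, as an added example (not CSS code and not from the thread). The modulo hash, the server names and the client addresses are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter
from itertools import cycle

SERVERS = ["web1", "web2", "web3"]  # hypothetical service names
# Constructed client addresses, chosen so the toy hash below picks one server.
CLIENTS = ["10.0.0.2", "10.0.0.5", "10.0.0.8", "10.0.0.11", "10.0.0.14", "10.0.0.17"]


def balance_srcip(client_ip, servers=SERVERS):
    """Hash-only selection; the modulo hash is an assumption, not the CSS algorithm."""
    return servers[int(ipaddress.ip_address(client_ip)) % len(servers)]


class StickySrcIp:
    """Round-robin for new source IPs, sticky-table lookup for returning ones."""

    def __init__(self, servers=SERVERS):
        self._next = cycle(servers)
        self.table = {}

    def pick(self, client_ip):
        if client_ip not in self.table:
            self.table[client_ip] = next(self._next)
        return self.table[client_ip]


def connections_per_server(pick, client_ips):
    """One TCP connection per client; count connections landing on each server."""
    return dict(Counter(pick(ip) for ip in client_ips))


def requests_per_server(pick, connections):
    """connections: (client_ip, request_count) pairs, each one persistent HTTP/1.1
    connection. The balance decision is made once per connection, not per URL."""
    load = Counter()
    for ip, request_count in connections:
        load[pick(ip)] += request_count
    return dict(load)


if __name__ == "__main__":
    print("srcip hash:", connections_per_server(balance_srcip, CLIENTS))
    print("sticky    :", connections_per_server(StickySrcIp().pick, CLIENTS))
    print("requests  :", requests_per_server(StickySrcIp().pick,
                                             [("10.0.0.2", 10), ("10.0.0.5", 1)]))
```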
