Security

last person joined: 15 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Redirecting https traffic to proxy.

This thread has been viewed 5 times

  • 1.  Redirecting https traffic to proxy.

    Posted Jan 13, 2014 07:41 PM

    Hi,

    I want to redirect the https traffic to the ironport proxy.

    I configured one dst-nat to this traffic, but is not working.

    Anyone know how can I do this configuration?

    I have tested with ESI group too, but not worked too.

    I've read that dst-nat does not work with SSL.

    My SSID it's configured like tunel, 802.1x and the devices will be authenticateds by MSCHAP-V2.

    Kind Regards.



  • 2.  RE: Redirecting https traffic to proxy.

    Posted Jan 14, 2014 04:27 AM

    Might be worth trying to tranparently proxying the traffic.

    You can do this in different ways...

     

    - Set the default gateway for the VLAN that users are dropped into to be the proxy.

    - SRC-NAT the VLAN users are dropped into and have the default gateway on the controller point at the proxy.

     

    http://en.wikipedia.org/wiki/Proxy_server#Transparent_proxy

     

    Cheers

    J



  • 3.  RE: Redirecting https traffic to proxy.

    Posted Jan 14, 2014 10:51 PM

    What version of code are you running?

    I've configured an ESI group on 6.3.1.6 code to redirect http traffic worked great.

    ESI on 6.3.1.1 wasn't been able to get it working. 

     

    When you configure a DST-NAT or ESI have you captured any packets? What do the packet captiures showing?