Solved

How do I configure the ASA5505 to control certain IP addresses to go through a proxy server for HTTP traffic?

Posted on 2009-04-13
Last Modified: 2013-11-22
Hi,

How do I configure the ASA5505 so that certain IP addresses can only go through the proxy server for HTTP traffic? My purpose is to restrict users from going to the internet without the proxy server.

Gogul
Question by:gogulkar
4 Comments
 
LVL 6

Expert Comment

by:ricks_v
ID: 24134479
By default, users are not supposed to be able to access HTTP traffic through the modem, but if they do, you can simply deny access to the internet router.

For example, if the internet router is 192.168.1.1, use:
#access-list inside_access_in extended deny tcp any host 192.168.1.1 eq 80
#access-group inside_access_in in interface inside
OR
#access-list outside_access_out extended deny tcp any host 192.168.1.1 eq 80
#access-group outside_access_out out interface outside
 
LVL 5

Expert Comment

by:Markus Braun
ID: 24138134
simply add to the inside access-list

line 1 permit tcp host (IP of your proxy) any eq 80
line 2 deny tcp any any eq 80
....
...
...
permitting the proxy first to go to the internet via port 80 and
then blocking everyone else from doing so.
Keep in mind your proxy may need more ports, e.g. https/443 or socks/1080,
or any other port it needs to function correctly (updates etc.).
Line 2 will then become line 3 or 4 depending on what ports you need in addition, e.g.:

line 1 permit tcp host (IP of your proxy) any eq 80
line 2 permit tcp host (IP of your proxy) any eq 443
line 3 permit tcp host (IP of your proxy) any eq 1080
line 4 deny tcp any any eq 80
 

Author Comment

by:gogulkar
ID: 24149119
Hi ,

Sorry, I forgot to mention my actual purpose. I configured the proxy server not to download files, but users can browse websites, so I want those users who are not allowed to download files to go through the proxy server; others can go directly.
 
LVL 5

Accepted Solution

by:
Markus Braun earned 1500 total points
ID: 24160338
Your proxy server should be able to do that. Give some users the right to download and others not.
On the firewall you can only control that if you use static IP addresses on your client computers. Example: for the users that get addresses assigned by a DHCP server, block that range on the firewall, so they can only use the proxy. For the other users, who should go to the internet without restrictions, you just put their static IP addresses in your access-list, so they don't have to use the proxy.
The ASA is not designed for application layer control. So for things like that you have to use a proxy server with the capabilities you need.

I hope that helped

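The rule order described in the answers above, written out as one ASA access-list. This is an added example, not any poster's configuration: all addresses, the object-group name DIRECT_HTTP_HOSTS and the final permit ip any any are assumptions, and inside_access_in is the ACL name used earlier in the thread. It also assumes the proxy sits on the inside network, so client-to-proxy traffic never crosses the ASA.

```cisco
! Constructed example: every address and the object-group name are placeholders.
! Assumed layout: proxy at 192.168.10.5, all clients behind the inside interface.

! Static-IP hosts that are allowed to browse without the proxy
object-group network DIRECT_HTTP_HOSTS
 network-object host 192.168.10.21
 network-object host 192.168.10.22

! 1. The proxy itself may reach the internet on the ports it needs
access-list inside_access_in extended permit tcp host 192.168.10.5 any eq 80
access-list inside_access_in extended permit tcp host 192.168.10.5 any eq 443
! 2. Exempt static hosts go out directly
access-list inside_access_in extended permit tcp object-group DIRECT_HTTP_HOSTS any eq 80
! 3. Everyone else, including DHCP clients, is refused direct HTTP
access-list inside_access_in extended deny tcp any any eq 80
! 4. Assumption: all other traffic stays allowed; without this line the
!    implicit deny at the end of the list would block it
access-list inside_access_in extended permit ip any any

! Entries are evaluated top-down and the first match wins, so the order matters
access-group inside_access_in in interface inside

! Checks (privileged EXEC): per-line hit counters, then a simulated HTTP
! packet from a non-exempt client address to an outside test address
show access-list inside_access_in
packet-tracer input inside tcp 192.168.10.150 1025 203.0.113.10 80
```

Rule 3 covers only port 80, as in the thread; HTTPS from non-exempt clients falls through to rule 4 unless a matching deny for port 443 is added ahead of it.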