Solved

how do i configure ASA5505  to control certain ip addresses to go thru proxy server for http traffic?

Posted on 2009-04-13
4
933 Views
Last Modified: 2013-11-22
Hi,

How do i configure ASA5505 to control certain ip address to go thru only proxy server for http traffic.My purpose is to restricts users not go to internet with out proxy server.

Gogul
0
Comment
Question by:gogulkar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 6

Expert Comment

by:ricks_v
ID: 24134479
by default, the user are not suppose to be able to access http traffic through modem, but if they do.

you can simply drop a denied access to the internet router.

for example if internet router is 192.168.1.1, use:
#access-list inside_access_in extended deny tcp any 192.168.1.1 eq 80
#access-group inside_access_in in interface inside
OR
#access-list outside_access_out extended deny tcp any 192.168.1.1 eq 80
#access-group outside_access_out out interface outside
0
 
LVL 5

Expert Comment

by:shirkan
ID: 24138134
simply add to the inside access-list

line 1 permit tcp host (IP of your proxy) any eq 80
line 2 deny tcp any any eq 80
....
...
...
permitting the proxy first to go to the internet via port 80 and
then blocking everyone else from doing so
keeping in mind you proxy may need more ports for e.g. https/443 or socks/1080
or any other port it needs to function correctly (updates etc)
line 2 will then become 3 or 4 depending on what ports u need in addition - e.g.

line 1 permit tcp host (IP of your proxy) any eq 80
line 2 permit tcp host (IP of your proxy) any eq 443
line 3 permit tcp host (IP of your proxy) any eq 1080
line 4 deny tcp any any eq 80
0
 

Author Comment

by:gogulkar
ID: 24149119
Hi ,

Sorry i forgat to mention my actual purpose,i configured proxy server not to download files but users can browse website,so that i want those users who are not allowed to download files need to go thru proxy server other can go directly.
0
 
LVL 5

Accepted Solution

by:
shirkan earned 500 total points
ID: 24160338
Your proxy server should be able to do that. Give some users the right to download and others not.
On the firewall you can only control that if you use static ip addresses on your client computers. Example: The users that get addresses assigned by a DHCP server, Block that range on the firewall, so they can only use the proxy. The other users that should go to the internet without restrictions, you just put their static ip address in your access-list , so they dont have to use the proxy.
The ASA is not designed for application layer control. So for things like that you have to use a proxy server with the capabilities you need.

I hope that helped
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question