gogulkar
asked on
How do I configure an ASA5505 to make certain IP addresses go through a proxy server for HTTP traffic?
Hi,
How do I configure an ASA5505 to make certain IP addresses go through only the proxy server for HTTP traffic? My purpose is to restrict users so that they cannot go to the internet without the proxy server.
Gogul
Simply add to the inside access-list:
line 1 permit tcp host (IP of your proxy) any eq 80
line 2 deny tcp any any eq 80
....
...
...
permitting the proxy first to go to the internet via port 80 and
then blocking everyone else from doing so,
keeping in mind your proxy may need more ports, e.g. https/443 or socks/1080,
or any other port it needs to function correctly (updates etc.).
Line 2 will then become 3 or 4 depending on what ports you need in addition, e.g.:
line 1 permit tcp host (IP of your proxy) any eq 80
line 2 permit tcp host (IP of your proxy) any eq 443
line 3 permit tcp host (IP of your proxy) any eq 1080
line 4 deny tcp any any eq 80
ASKER
Hi,
Sorry, I forgot to mention my actual purpose. I configured the proxy server not to download files, but users can still browse websites, so I want those users who are not allowed to download files to go through the proxy server; others can go directly.
You can simply drop a denied access to the internet router.
For example, if the internet router is 192.168.1.1, use:
#access-list inside_access_in extended deny tcp any host 192.168.1.1 eq 80
#access-group inside_access_in in interface inside
OR
#access-list outside_access_out extended deny tcp any host 192.168.1.1 eq 80
#access-group outside_access_out out interface outside
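An added example, not taken from any of the posts above, for the asker's clarified requirement that only some hosts are forced through the proxy while the rest go out directly. The proxy address, the restricted host addresses and the object-group name PROXY_ONLY_HOSTS are assumed placeholders, and the example assumes the proxy sits on the same inside network as the clients, so client-to-proxy traffic never crosses the ASA.

```cisco
! Added example. All addresses and the object-group name are assumptions.
!   192.168.10.5       proxy server
!   192.168.10.50/.51  hosts that must browse through the proxy
object-group network PROXY_ONLY_HOSTS
 network-object host 192.168.10.50
 network-object host 192.168.10.51
!
! 1. The proxy itself may reach the web (add any other ports it needs).
access-list inside_access_in extended permit tcp host 192.168.10.5 any eq 80
access-list inside_access_in extended permit tcp host 192.168.10.5 any eq 443
!
! 2. Restricted hosts may not reach the web directly. ACLs are first-match,
!    so these lines must come before the general permit below. Denying 443
!    as well is an assumption: without it, direct HTTPS bypasses the proxy.
access-list inside_access_in extended deny tcp object-group PROXY_ONLY_HOSTS any eq 80
access-list inside_access_in extended deny tcp object-group PROXY_ONLY_HOSTS any eq 443
!
! 3. Everyone else goes out directly. Once an ACL is bound to the interface
!    an implicit deny ends it, so the general permit has to be explicit.
access-list inside_access_in extended permit ip any any
!
access-group inside_access_in in interface inside
```

To check the result, `show access-list inside_access_in` lists per-line hit counts, and `packet-tracer input inside tcp 192.168.10.50 1025 203.0.113.10 80` (a constructed destination address) should report the flow dropped by the access-list for a restricted host.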