gogulkar

How do I configure ASA5505 to control certain IP addresses to go through proxy server for HTTP traffic?

Hi,

How do I configure ASA5505 to control certain IP addresses to go through only the proxy server for HTTP traffic? My purpose is to restrict users from going to the internet without the proxy server.

Gogul
ricks_v

By default, the users are not supposed to be able to access HTTP traffic through the modem, but if they do, you can simply drop a denied access to the internet router.

For example, if the internet router is 192.168.1.1, use:
#access-list inside_access_in extended deny tcp any host 192.168.1.1 eq 80
#access-group inside_access_in in interface inside
OR
#access-list outside_access_out extended deny tcp any host 192.168.1.1 eq 80
#access-group outside_access_out out interface outside
Simply add to the inside access-list:

line 1 permit tcp host (IP of your proxy) any eq 80
line 2 deny tcp any any eq 80
....
...
...
permitting the proxy first to go to the internet via port 80 and
then blocking everyone else from doing so,
keeping in mind your proxy may need more ports, e.g. https/443 or socks/1080,
or any other port it needs to function correctly (updates etc.).
Line 2 will then become 3 or 4 depending on what ports you need in addition, e.g.:

line 1 permit tcp host (IP of your proxy) any eq 80
line 2 permit tcp host (IP of your proxy) any eq 443
line 3 permit tcp host (IP of your proxy) any eq 1080
line 4 deny tcp any any eq 80
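
The first-match ordering described in the answer above, as an added example that is not part of the original thread: a small evaluator for simplified ASA-style access-list entries, run against the answer's four lines, the same lines with the deny placed first, and the same lines followed by a catch-all permit. The addresses, the `permit ip any any` line, and the names `parse_ace` and `evaluate` are assumptions made for illustration.

```python
import ipaddress

def parse_ace(line):
    """Parse 'permit|deny <proto> <src> <dst> [eq <port>]' (simplified ASA form).
    An address is 'any', 'host <ip>' or '<network> <mask>'."""
    tok = line.split()

    def addr(i):
        if tok[i] == "any":
            return ipaddress.ip_network("0.0.0.0/0"), i + 1
        if tok[i] == "host":
            return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
        return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}"), i + 2

    src, i = addr(2)
    dst, i = addr(i)
    port = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
    return tok[0], tok[1], src, dst, port

def evaluate(acl, src_ip, dst_ip, dst_port):
    """Return (action, line number) of the first entry matching a TCP packet.
    ('deny', None) is the implicit deny at the end of every ASA access-list."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for n, line in enumerate(acl, 1):
        action, proto, src, dst, port = parse_ace(line)
        if proto in ("tcp", "ip") and s in src and d in dst and port in (None, dst_port):
            return action, n
    return "deny", None

# Constructed sample addresses (not from the thread)
PROXY, USER, WEB = "192.168.1.10", "192.168.1.50", "203.0.113.80"

ANSWER_ORDER = [
    f"permit tcp host {PROXY} any eq 80",
    f"permit tcp host {PROXY} any eq 443",
    f"permit tcp host {PROXY} any eq 1080",
    "deny tcp any any eq 80",
]
REVERSED = [ANSWER_ORDER[3]] + ANSWER_ORDER[:3]   # deny placed first
WITH_PERMIT_ALL = ANSWER_ORDER + ["permit ip any any"]

if __name__ == "__main__":
    for name, acl in [("answer", ANSWER_ORDER), ("reversed", REVERSED),
                      ("answer + permit ip any any", WITH_PERMIT_ALL)]:
        for who, ip in [("proxy", PROXY), ("user", USER)]:
            for port in (80, 443):
                print(name, who, port, evaluate(acl, ip, WEB, port))
```

With only the four listed lines, a user's direct HTTPS is dropped by the implicit deny; once a catch-all permit follows them, direct HTTPS from users is allowed because only port 80 is denied.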
gogulkar

ASKER

Hi ,

Sorry, I forgot to mention my actual purpose. I configured the proxy server not to download files, but users can browse websites, so I want those users who are not allowed to download files to go through the proxy server; others can go directly.
ASKER CERTIFIED SOLUTION
Markus Braun