Solved

Best open srouce Transperent Proxy to be used along with Cisco ASA5505

Posted on 2014-09-11
5
198 Views
Last Modified: 2014-10-20
Hi Experts,

My set up would be as follows;


```````````````````````````````````````````````````````````````
Public <<>> Cisco ASA <<>> (eth0)Transparent Proxy(eth1) <<>> Client
                                                                                                             >> Server(HTTP)
```````````````````````````````````````````````````````````````

`````````````````````````````````````
ASA outside: x.x.x.x
ASA inside: 192.168.1.254

Proxy eth0: 192.168.1.253
eth0 gateway: 192.168.1.254
Proxy eth1: Bridge

Client IP: 192.168.1.10
Client Gateway: 192.168.1.254
DNS: Internal DNS server + ISP DNS

Server IP: 192.168.1.11
Server Gateway: 192.168.1.254
DNS: Internal DNS server + ISP DNS
````````````````````````````````````
My requirements:
1. Client should be able to brows the Internet through the proxy
2. HTTP traffic should be able to forward to the internal web server

I have tried several open source products such as Zentyal, Untangle, but so far it's didn't work.
Can you please advise me on this ? Any recommendations/Howtos on anything products ?

Thanks a lot for your time !
0
Comment
Question by:Shakthi777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 250 total points
ID: 40318751
If it were my project, I would buy Websense - and itegrate that with the ASA (I do like websense,  but some find it a little expensive) the ASA traditionally only supports N2H2 and Websense, but that does NOT stop you deploying another proxy filtering solution behind the firewall and pointing your internal clients at that.

I'd NOT recommend anyhting WCCP based, they always tend to be a bit clunky (sorry Cisco).

PL
0
 
LVL 2

Accepted Solution

by:
vpnttg earned 250 total points
ID: 40318911
Please check “Cisco ASA and Squid with WCCP2”:
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2
0
 
LVL 11

Expert Comment

by:sumeshbnr
ID: 40318947
Please describe HTTP traffic should be able to forward to the internal web server .It is not clear
0
 
LVL 7

Expert Comment

by:unfragmented
ID: 40318963
seconding squid and wccp.  For free/open source its pretty hard to beat.
0
 

Author Closing Comment

by:Shakthi777
ID: 40391409
Thanks !
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question