https://community.cisco.com/t5/network-security/proxy-config-on-asa/m-p/1194372#M418331 <HTML><HEAD></HEAD><BODY><P>First of all, you need to make sure your MS ISA server can access the internet, such as NAT, ACL config.</P><P>Second, make sure your internal user can access MS ISA in DMZ. Since internal user has high security level, they should be abel to access DMZ by default unless you have ACL configured to control outgoing traffic. </P><P></P><P>Cut-through is for authentication purpose.</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/fwaaa.html#wp1063502" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/fwaaa.html#wp1063502</A></P></BODY></HTML> Fri, 27 Feb 2009 22:35:37 GMT Yudong Wu 2009-02-27T22:35:37Z https://community.cisco.com/t5/network-security/proxy-config-on-asa/m-p/1194369#M418328 <P>The customer's proxy server is MS ISA. After http and https proxies are added on ASA, will the end users have to configure their web browser to use proxy? or they don't, the ASA just intercepts the web traffics and redirect them to proxy server?</P><P></P><P>Thanks</P><P>Jon</P> Fri, 21 Feb 2020 11:19:05 GMT https://community.cisco.com/t5/network-security/proxy-config-on-asa/m-p/1194369#M418328 xiaoliangyue 2020-02-21T11:19:05Z https://community.cisco.com/t5/network-security/proxy-config-on-asa/m-p/1194370#M418329 <HTML><HEAD></HEAD><BODY><P>Do you mean Cut-through proxy on ASA? If yes, it's different from web proxy. I don't think ASA has "web proxy server" feature. So, if you need web proxy for users, their web browser should still point to MS ISA.</P></BODY></HTML> Wed, 25 Feb 2009 23:15:03 GMT https://community.cisco.com/t5/network-security/proxy-config-on-asa/m-p/1194370#M418329 Yudong Wu 2009-02-25T23:15:03Z https://community.cisco.com/t5/network-security/proxy-config-on-asa/m-p/1194371#M418330 <HTML><HEAD></HEAD><BODY><P>Thanks, Kevin.</P><P></P><P>So if I deploy a MS ISA in a DMZ, the users' web browser need to point to MS ISA. do I need to configure sth special? this DMZ's security level is between inside interface and outside interface.</P><P></P><P>How does the cut-through on ASA work? I never used it.</P></BODY></HTML> Fri, 27 Feb 2009 19:51:43 GMT https://community.cisco.com/t5/network-security/proxy-config-on-asa/m-p/1194371#M418330 xiaoliangyue 2009-02-27T19:51:43Z https://community.cisco.com/t5/network-security/proxy-config-on-asa/m-p/1194372#M418331 <HTML><HEAD></HEAD><BODY><P>First of all, you need to make sure your MS ISA server can access the internet, such as NAT, ACL config.</P><P>Second, make sure your internal user can access MS ISA in DMZ. Since internal user has high security level, they should be abel to access DMZ by default unless you have ACL configured to control outgoing traffic. </P><P></P><P>Cut-through is for authentication purpose.</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/fwaaa.html#wp1063502" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/fwaaa.html#wp1063502</A></P></BODY></HTML> Fri, 27 Feb 2009 22:35:37 GMT https://community.cisco.com/t5/network-security/proxy-config-on-asa/m-p/1194372#M418331 Yudong Wu 2009-02-27T22:35:37Z