https://community.cisco.com/t5/network-security/fowarding-inside-traffic/m-p/949932#M918445 <HTML><HEAD></HEAD><BODY><P>The solution I proposed to you seems more simpler, but this is just my opinion.</P><P></P><P>You can also use the port-redirection method. However you would need a redirection for each service you want LAN users to access, like FTP, HTTPS etc.</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Sat, 14 Jun 2008 08:50:43 GMT Farrukh Haroon 2008-06-14T08:50:43Z https://community.cisco.com/t5/network-security/fowarding-inside-traffic/m-p/949929#M918435 <P>Hi all,</P><P>I have an ASA 5540 and I would like to forward all HTTP traffic comming from LAN to my Proxy server on DMZ. This Proxy will filter the content and send the traffic back to ASA and ASA must forward to INTERNET (please check the attachment). </P><P>What should be the configuration on ASA to do this?</P><P>Thanks</P><P></P><P>Tauer</P><P></P><P> </P><P></P> Mon, 11 Mar 2019 12:58:41 GMT https://community.cisco.com/t5/network-security/fowarding-inside-traffic/m-p/949929#M918435 Tauer Drumond 2019-03-11T12:58:41Z https://community.cisco.com/t5/network-security/fowarding-inside-traffic/m-p/949930#M918439 <HTML><HEAD></HEAD><BODY><P>Assuming LAN = 192.168.1.0 /24</P><P>DMZ = 172.16.16.0/24 </P><P>Outside = 172.17.17.0/24</P><P></P><P>PROXY SERVER = 172.16.16.16</P><P></P><P>access-list inside-in permit icmp 192.168.1.0 255.255.255.255 any </P><P>! you can be more specific with ICMP types</P><P>access-list inside-in permit tcp 192.168.1.0 255.255.255.255 host 172.16.16.16 eq 8080</P><P>access-list inside-in deny ip 192.168.1.0 255.255.255.255 any log</P><P></P><P>Please note if your PROXY is MS ISA, then you cannot run Secure NAT mode with one interface, you can only run Cache or Web Proxy mode I think.</P><P></P><P>access-list dmz-in permit ip host 172.16.16.16 any</P><P>! This can be made more secure by permitting </P><P>! only wanted protocols like http,https,ftp etc.</P><P></P><P>nat (dmz) 1 172.16.16.16 255.255.255.255</P><P>global (outside) 1 interface</P><P>! Static One to One NAT might be a better </P><P>! option, to keep 'no nat-control' active</P><P>I'm sure this has a lot of mistakes, its just a template.</P><P></P><P>Regards</P><P></P><P>Farrukh</P><P></P><P></P><P></P></BODY></HTML> Thu, 12 Jun 2008 19:56:13 GMT https://community.cisco.com/t5/network-security/fowarding-inside-traffic/m-p/949930#M918439 Farrukh Haroon 2008-06-12T19:56:13Z https://community.cisco.com/t5/network-security/fowarding-inside-traffic/m-p/949931#M918442 <HTML><HEAD></HEAD><BODY><P>Hi Farrukh,</P><P>Should I apply some port redirection?</P><P>All traffic on interface LAN to INTERNET on port 80 (HTTP) I do a port forward to PROXY on port 8080... </P><P>And all traffic on port 80 came from PROXY, I nat to outside interface.</P><P>Is that allright?</P></BODY></HTML> Fri, 13 Jun 2008 01:33:44 GMT https://community.cisco.com/t5/network-security/fowarding-inside-traffic/m-p/949931#M918442 Tauer Drumond 2008-06-13T01:33:44Z https://community.cisco.com/t5/network-security/fowarding-inside-traffic/m-p/949932#M918445 <HTML><HEAD></HEAD><BODY><P>The solution I proposed to you seems more simpler, but this is just my opinion.</P><P></P><P>You can also use the port-redirection method. However you would need a redirection for each service you want LAN users to access, like FTP, HTTPS etc.</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Sat, 14 Jun 2008 08:50:43 GMT https://community.cisco.com/t5/network-security/fowarding-inside-traffic/m-p/949932#M918445 Farrukh Haroon 2008-06-14T08:50:43Z https://community.cisco.com/t5/network-security/fowarding-inside-traffic/m-p/949933#M918447 <HTML><HEAD></HEAD><BODY><P>Hi, Set the client machines gateway IP of Proxy Server and the gateway of proxy server must be used ASA FW IP. As per my opinion, this is one of the simple and very good way. All please give your feedback in this regard.</P></BODY></HTML> Sat, 14 Jun 2008 17:53:26 GMT https://community.cisco.com/t5/network-security/fowarding-inside-traffic/m-p/949933#M918447 ray_stone 2008-06-14T17:53:26Z https://community.cisco.com/t5/network-security/fowarding-inside-traffic/m-p/949934#M918450 <HTML><HEAD></HEAD><BODY><P>RAY,</P><P></P><P>Yup I'll go with ray.</P><P>but I'll try all three methods.</P><P></P><P>Regards,</P></BODY></HTML> Sun, 15 Jun 2008 11:36:06 GMT https://community.cisco.com/t5/network-security/fowarding-inside-traffic/m-p/949934#M918450 nomair_83 2008-06-15T11:36:06Z https://community.cisco.com/t5/network-security/fowarding-inside-traffic/m-p/949935#M918452 <HTML><HEAD></HEAD><BODY><P>HI, </P><P>what should be the line configuration to all HTTP traffic coming from LAN and redirect to the PROXY on DMZ?</P><P></P><P>Thanks</P></BODY></HTML> Tue, 17 Jun 2008 12:20:15 GMT https://community.cisco.com/t5/network-security/fowarding-inside-traffic/m-p/949935#M918452 Tauer Drumond 2008-06-17T12:20:15Z