Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3234
Views
0
Helpful
2
Replies

Use egress IP when visiting specific site instead of CWS tower IP address.

Antony Paul
Level 1
Level 1

‎03-22-2018 11:30 AM - edited ‎03-08-2019 05:42 PM

Hello,

There is a website users connect to that only allows whitelisted IP addresses.  The issue we have is that when accessing the site they will be going via CWS and using a public IP address we have no control over.  Please can someone advise how we can configure CWS so that when users connect to example.com that website will see that they are coming from our own WAN IP (configured on a CIsco ASA 5525X) rather than any CWS IP address.

 

I tried adding the domain to our External Direct custom polciy list but that hasn't worked.  What is the correct way to handle this?

0 Helpful
2 Replies 2

Edan Mudachi
Cisco Employee
Cisco Employee

‎03-22-2018 12:53 PM

Hi Anthony,

   Here is a link to the ASA Connector deployment guide, look for the section labeled CWS Whitelisting.

 

https://www.cisco.com/c/dam/en/us/products/collateral/security/cloud-web-security/cws_asa_5500_asav.pdf

 

If you require further assistance, please open a TAC case.

 

Sincerely,

Edan Mudachi

0 Helpful

antonypaul
Level 1
Level 1
In response to Edan Mudachi

‎03-30-2018 12:51 AM

Thanks that is useful

0 Helpful
Customers Also Viewed These Support Documents