cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8135
Views
0
Helpful
5
Replies

ASA as proxy sever

digvijay.p2013
Level 1
Level 1

Hi

Can ASA act as a proxy server?

I dont want to redirect the traffic to third party proxy but ASA should be able to do this.

Please share any technical document for configuration.

Regards,

Digvijay

5 Replies 5

Julio Carvajal
VIP Alumni
VIP Alumni

https://supportforums.cisco.com/thread/2177044

Read that and if you still have any questions you can let us know

Hope that I could help

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

can you please explain me how it will work with help of scansafe cloud and can you share any configuration document for the same

Hello,

Basically all traffic will be transparently send to the ScanSafe cluster so the traffic can be inspected and then based on some rules it will be permited or denied,

The users will not know they are using a proxy

Read the following blog for extra information

http://nat0.net/cisco-asa-v9-0-software-released/

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

You do NOT need version 9.x to do this task.  Version 8.3 or 8.4 will do the trick.  Search google for the paper title "

Implementing ScanSafe Web Security for Public Wi-Fi Hotspots Using a Cisco ASA Firewall" and will show you to to integrate with Scansafe.  Basically the ASA will function just like proxy

http://www.google.com/url?q=http://tr.comstor.com/documents%3FdocumentId%3D40684%26filename%3DASA_WiFi_Config.pdf&sa=U&ei=hEJaUZCtKKTL0QHthoGICQ&ved=0CB8QFjAC&usg=AFQjCNFn7ga7qsbdyz-_Yn7mb9RrJo_ZBA

the downside is that if someone setup a gambling web site using https (aka SSL), I don't know if scansafe can stop that because it is encrypted.  Scansafe might be able to do URL filtering but not content security because the payload is encrypted.

I never said 9.0, I just provided a link with the configuration that makes reference to 9.0...

It makes reference to 9.0 because we changed the entire configuration on that version (9.0)  as you will not need to us a Destination NAT to redirect the traffic to the Scansafe Cluster,

We highly recommend to use this feature with the easy new sintax as that is the easiest way to configure it and future versions will only support that one,

If we are talking about links, here is the one

https://supportforums.cisco.com/docs/DOC-29676

And scansafe can handle SSL

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Review Cisco Networking for a $25 gift card