cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2181
Views
0
Helpful
3
Replies

ASA with IronPort Web Filtering

fedecotofaja
Level 1
Level 1

Hi All,

I just want to know why there's not an option to redirect web traffic to the IronPort WebFiltering appliance from the ASA (like it works with Websense or Smartfilter N2H2).

The ASA can specify only those two vendors and not the IronPort (which now is Cisco):

ASSA(config)# url-server (inside) vendor ?

configure mode commands/options:

smartfilter Secure Computing SmartFilter (N2H2) URL server

websense Websense URL server

The only options to configure the IronPort WebFiltering appliance is to manually configure the browser on the client to send the web traffic to the proxy, or to use WCCP (which is not supported on ASAs).

So my question is:

Why is not an option to redirect web traffic from the ASA to the IronPort WebFiltering appliance?

Thank you All!

3 Replies 3

pmccubbin
Level 5
Level 5

If you use ASA 8.04 software, then you will be able to redirect web traffic to the IronPort Webfiltering appliance. This is a new feature in 8.x on the ASA.

Hope this helps.

Hi,

I am running the ASA with version 8.04, but I don't see the feature that you mention....

Look at the config....

ASA5505(config)# url-server (inside) vendor ?

configure mode commands/options:

smartfilter Secure Computing SmartFilter (N2H2) URL server

websense Websense URL server

ASA5505(config)# sh ver

Cisco Adaptive Security Appliance Software Version 8.0(4)

Compiled on Thu 07-Aug-08 20:53 by builders

System image file is "disk0:/asa804-k8.bin"

Config file at boot was "startup-config"

The system is running version 8.04 but the only vendors listed under the URL servers are the same as before....

I know that since the 7.2 version, the ASA is now able to work with WCCP which is another option to redirect web traffic to the IronPort, but what is the new feature in version 8.04 that you're referring to?

Thank you.

Federico.

wccp is supported on the ASA, atleast in version 8, I've used it to redirect traffic to Ironport web boxes :

wccp 91 redirect-list wccp

wccp interface inside 91 redirect in

access-list wccp extended permit ip any any

The rest of the config - what ports to redirect is done when creating the wccp service 91 in the ironport.

Review Cisco Networking for a $25 gift card