ASA5520 and Proxy server
03-02-2008 06:37 AM - edited 03-11-2019 05:11 AM
Hi All,
Is there such a thing as redirecting certain ports (for example, port 80) from the ASA to a certain IP address that is a proxy server? What I am trying to do is to implement a transparent proxy server in our internal network. The flow is such that nothing changes internally until outbound TCP 80 hits the firewall, then gets redirected to the proxy server and goes out. Not sure if the ASA can do that? If not, how does one go about implementing a transparent proxy server while the firewall is an ASA? (Hardcoding proxy server info in users' browsers is not something I want to do, for lots of other reasons.)
Any help/advice is appreciated.
Labels: NGFW Firewalls
03-02-2008 10:29 AM
I've been trying to get this scenario to work with PIX and the Squid proxy server since PIX OS version 6.2. To my knowledge, it is NOT possible.
Other firewall vendors such as Check Point support transparent proxy. If your firewall is freeware, Linux iptables is perfectly suitable for this.
The other alternative solution is that you do NOT have to hardcode proxy server info into users' browsers. If you use Microsoft ISA proxy server, you can use Web Proxy Auto Discovery (WPAD), which will make ALL web traffic hit the ISA server. There is nothing to configure on the users' browsers.
Squid (proxy server on Linux) also supports WPAD, if I am not mistaken.
CCIE Security
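A minimal wpad.dat (PAC file) for the WPAD approach mentioned in the reply above, as an added example that is not part of the thread. The proxy address proxy.example.internal:3128 and the internal suffix are assumptions; because the proxy in this thread exists for filtering, the file returns no DIRECT fallback for external hosts, and it uses only plain JavaScript so it can be checked outside a browser.

```javascript
// Added example: wpad.dat served to browsers that locate it through WPAD.
// PROXY and INTERNAL_SUFFIX are hypothetical values, not taken from the thread.
var PROXY = "PROXY proxy.example.internal:3128";
var INTERNAL_SUFFIX = ".example.internal";

// Parse a dotted-quad IPv4 literal; return its four octets, or null.
function parseIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var o = [+m[1], +m[2], +m[3], +m[4]];
  for (var i = 0; i < 4; i++) {
    if (o[i] > 255) return null;
  }
  return o;
}

// True only for loopback and RFC 1918 address literals.
function isPrivateLiteral(host) {
  var o = parseIPv4(host);
  if (!o) return false;
  return o[0] === 10 || o[0] === 127 ||
         (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
         (o[0] === 192 && o[1] === 168);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label intranet names go direct. An IPv6 literal also has no dot,
  // so exclude anything containing ":" to keep it on the filtered path.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  // Internal domain: match on the leading dot so "notexample.internal"
  // cannot pass as internal.
  if (host.slice(-INTERNAL_SUFFIX.length) === INTERNAL_SUFFIX) return "DIRECT";
  // Private address literals; "10.0.0.1.foo.test" is a name, not a literal.
  if (isPrivateLiteral(host)) return "DIRECT";
  // Everything else goes through the filtering proxy. No "; DIRECT" fallback,
  // so a proxy outage fails closed instead of bypassing the filter.
  return PROXY;
}
```

Browsers that have automatic proxy detection enabled fetch this file as `wpad.dat` from the host advertised by DHCP or DNS, so that host must be one the organization controls.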
03-02-2008 03:20 PM
Thank you. It never crossed my mind that PIX/ASA can't do that while I am doing that each and every day via ipchains and iptables. In the past, in a PIX/ASA environment using Websense or N2H2 (Cisco supports these two vendors for redirection), I didn't have to worry about it. And now, changing vendor (I am having a proxy not because I want one, the proxy is doing filtering), I am stuck. WPAD won't work with the new proxy server. Hmmm... the last thing I can try is bridging.
03-02-2008 03:58 PM
May I ask what type of proxy you have in your environment?
Most enterprise environments use either:
1- MS ISA with a load balancer such as F5 BigIP in front to load balance http/https traffic,
2- BlueCoat,
3- Squid Proxy (most MSSPs will use this because it's free).
Microsoft ISA and BlueCoat work with URL filtering such as Websense or N2H2 quite well. To my knowledge, ISA and BlueCoat support WPAD.
CCIE Security
