ASA5520

mkashifashraf
Level 1

How can we block the proxy address x.x.x.x in the ASA5520? Some smart users entered a proxy (the same proxy the ISP provided) with port 8080 in their browser.

Then their traffic bypasses our firewall.

What is the solution with the ASA5520?

Waiting for a quick response.

Accepted Solution

Ashraf,

Do you have an ACL applied on the inside interface? You probably don't; that is the reason all these connections destined to port 8080 are allowed. You may want to restrict what traffic leaves the firewall, so you can block this proxy IP and port 8080 in that ACL. Make sure to allow what you need to allow, or the implicit deny any any will block everything.

example:

access-list inside-acl extended deny tcp any host p.p.p.p eq 8080
(where p.p.p.p is the proxy IP that people are using in the browser to bypass)

access-list inside-acl extended permit tcp any any eq 80

access-list inside-acl extended permit udp any any eq 53

..

Allow whatever else you need to allow and apply the ACL on the inside interface:

access-group inside-acl in interface inside

-KS
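To check what the accepted answer's ACL actually does before applying it, here is an added Python evaluator (not from the thread and not Cisco code) that applies ASA first-match semantics, including the implicit deny, to constructed flows; the proxy address 203.0.113.10 is a constructed stand-in for p.p.p.p.

```python
import ipaddress

# Constructed sample ACL following the accepted answer's lines; 203.0.113.10
# (a TEST-NET-3 documentation address) stands in for the proxy p.p.p.p.
ACL = [
    "access-list inside-acl extended deny tcp any host 203.0.113.10 eq 8080",
    "access-list inside-acl extended permit tcp any any eq 80",
    "access-list inside-acl extended permit udp any any eq 53",
]

def _parse_addr(tokens, i):
    """Return (network, next_index) for 'any', 'host A.B.C.D' or 'A.B.C.D MASK'."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}"), i + 2

def parse_ace(line):
    """Parse 'access-list NAME [extended] ACTION PROTO SRC DST [eq PORT]'."""
    t = line.split()
    i = 3 if t[2] == "extended" else 2
    action, proto = t[i], t[i + 1]
    src, i = _parse_addr(t, i + 2)
    dst, i = _parse_addr(t, i)
    port = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def evaluate(acl_lines, proto, src, dst, dport):
    """First-match evaluation as the ASA does it: returns (action, line number)
    of the matching ACE, or ('deny', None) for the implicit deny any any."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, line in enumerate(acl_lines, 1):
        ace = parse_ace(line)
        if ace["proto"] not in (proto, "ip"):
            continue
        if s in ace["src"] and d in ace["dst"] and ace["port"] in (None, dport):
            return ace["action"], n
    return "deny", None

if __name__ == "__main__":
    for flow in [("tcp", "10.1.1.5", "203.0.113.10", 8080),   # browser -> proxy
                 ("tcp", "10.1.1.5", "198.51.100.7", 443),    # HTTPS, not permitted
                 ("tcp", "10.1.1.5", "203.0.113.10", 80)]:    # proxy on another port
        print(flow, "->", evaluate(ACL, *flow))
```

The third flow shows the caveat: the deny line only catches the proxy on port 8080, so the same host reached on port 80 is still permitted by the second line, and HTTPS falls to the implicit deny unless you add it.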


handsy
Level 1

To be clear, you want to block any source from accessing a specific destination and port?

That port being TCP 8080?

If so, then a simple ACL on your incoming interface will be sufficient, e.g.

access-list proxy-blocker extended deny tcp any host x.x.x.x eq 8080

