Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4799
Views
5
Helpful
3
Replies

bypass proxy with url on different port

Go to solution
Neetu Bhushan
Level 1
Level 1

‎07-08-2014 09:57 PM - edited ‎03-11-2019 09:26 PM

Hi All,

I have been told on my web filtering symantec cloud support, that they can't allow to access http://ip-address:89.  Symantec advise/told me to bypass this address in the proxy.

How do I do that with cisco asa 5515x if proxy is on the cloud and I never had experience also bypassing on a proxy locally?  Symantec proxy address is proxy2.us.webscanningservice.com and port is 3128.  Is it possible to just bypass that particular ip address above or the whole workstation, if the whole workstation then it's not good, for there will be no filtering on that workstation going to happened.

My configuration right now is that I have internal interface (called vlan192) and all other vlans connect to it, and it can get internet.  

Before I was using websense, but websense cease to function most of the time, I wasted paying them almost 5k last year.  Websense have the most stupid license limitation ever...  And I don't know if it can filter the above url problem or not, since I said websense all the time cease to function if license exceeded.  My license is 100 ip, yup their license is on the ips, not on the user, so even if my user is only 20, imagine they have all smart phone or blackberry, that will count double, plus 20 server or guess in the company.  But still 100 license should still work with websense and just cease to function on the exceeding ip and not for all.

 

Please help!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
daljitsingh
Level 1
Level 1
In response to Neetu Bhushan

‎07-09-2014 07:41 PM

first you need to find the  ACL name on  ASA  which is being being used to control the internet access.

Let say web traffic  deny ACL number is 100 and you can add  with line  number 90 on top of this.

access-list  INSIDE_OUT line 90  extended permit tcp  any  host x,x,x,x eq 89 

 

"How to bypass proxy in window 7" you can search the same on google.

You will get step by step detail.

 

Hope this help.

 

 

 

 

 

Regards

Daljeet Singh 

View solution in original post

3 Replies 3

Go to solution
daljitsingh
Level 1
Level 1

‎07-08-2014 10:13 PM

Hi Neetu,

 

If  i understand correct then you are using cloud proxya and sending all internet traffic to Symantec for internet access and you need to bypass this URL in ASA.

I worked on similar issue with differnet proxy vendor.

 I believe you have an ACL on ASA which allow web traffic outside only destination to  Symantec proxy server.  If yes then first thing you need to add another ACL on top of this ACL to allow internal network traffic to destination  ip-address on port 89.

Also make sure you have routing in place for this outside IP from internal NW to outside.And on client machine add this IP in bypass proxy list.  Hope this helps.  please let me know if i misunderstood the quetsion and Scenario.

 

Thanks

 

Regards

Daljeet Singh

 

0 Helpful

Go to solution
Neetu Bhushan
Level 1
Level 1
In response to daljitsingh

‎07-09-2014 08:53 AM

Hi Daljeet,

Can you give me example of ACL with an ip-address:89 on ASA to allow it on top?

And how do I put this bypass proxy address on the client or windows 7?

 

Thanks and more power!

 

0 Helpful

Go to solution
daljitsingh
Level 1
Level 1
In response to Neetu Bhushan

‎07-09-2014 07:41 PM

first you need to find the  ACL name on  ASA  which is being being used to control the internet access.

Let say web traffic  deny ACL number is 100 and you can add  with line  number 90 on top of this.

access-list  INSIDE_OUT line 90  extended permit tcp  any  host x,x,x,x eq 89 

 

"How to bypass proxy in window 7" you can search the same on google.

You will get step by step detail.

 

Hope this help.

 

 

 

 

 

Regards

Daljeet Singh 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card