07-08-2014 09:57 PM - edited 03-11-2019 09:26 PM
Hi All,
I have been told on my web filtering symantec cloud support, that they can't allow to access http://ip-address:89. Symantec advise/told me to bypass this address in the proxy.
How do I do that with cisco asa 5515x if proxy is on the cloud and I never had experience also bypassing on a proxy locally? Symantec proxy address is proxy2.us.webscanningservice.com and port is 3128. Is it possible to just bypass that particular ip address above or the whole workstation, if the whole workstation then it's not good, for there will be no filtering on that workstation going to happened.
My configuration right now is that I have internal interface (called vlan192) and all other vlans connect to it, and it can get internet.
Before I was using websense, but websense cease to function most of the time, I wasted paying them almost 5k last year. Websense have the most stupid license limitation ever... And I don't know if it can filter the above url problem or not, since I said websense all the time cease to function if license exceeded. My license is 100 ip, yup their license is on the ips, not on the user, so even if my user is only 20, imagine they have all smart phone or blackberry, that will count double, plus 20 server or guess in the company. But still 100 license should still work with websense and just cease to function on the exceeding ip and not for all.
Please help!
Solved! Go to Solution.
07-09-2014 07:41 PM
first you need to find the ACL name on ASA which is being being used to control the internet access.
Let say web traffic deny ACL number is 100 and you can add with line number 90 on top of this.
access-list INSIDE_OUT line 90 extended permit tcp any host x,x,x,x eq 89
"How to bypass proxy in window 7" you can search the same on google.
You will get step by step detail.
Hope this help.
Regards
Daljeet Singh
07-08-2014 10:13 PM
Hi Neetu,
If i understand correct then you are using cloud proxya and sending all internet traffic to Symantec for internet access and you need to bypass this URL in ASA.
I worked on similar issue with differnet proxy vendor.
I believe you have an ACL on ASA which allow web traffic outside only destination to Symantec proxy server. If yes then first thing you need to add another ACL on top of this ACL to allow internal network traffic to destination ip-address on port 89.
Also make sure you have routing in place for this outside IP from internal NW to outside.And on client machine add this IP in bypass proxy list. Hope this helps. please let me know if i misunderstood the quetsion and Scenario.
Thanks
Regards
Daljeet Singh
07-09-2014 08:53 AM
Hi Daljeet,
Can you give me example of ACL with an ip-address:89 on ASA to allow it on top?
And how do I put this bypass proxy address on the client or windows 7?
Thanks and more power!
07-09-2014 07:41 PM
first you need to find the ACL name on ASA which is being being used to control the internet access.
Let say web traffic deny ACL number is 100 and you can add with line number 90 on top of this.
access-list INSIDE_OUT line 90 extended permit tcp any host x,x,x,x eq 89
"How to bypass proxy in window 7" you can search the same on google.
You will get step by step detail.
Hope this help.
Regards
Daljeet Singh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide