cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
435
Views
0
Helpful
3
Replies

Cisco ASA firewall to read the x-forwarded packets

Shine Sudheesh
Level 1
Level 1

Dear Team,

We are planning to implement DLP solution in our infrastructure and the DLP solution will act as an proxy to the internet traffic.
In this case , DLP solution will x-forward the traffic to internet with original IP address as adding an header in the packet field , so we want to check whether this feature is supported in Cisco ASA firewall to read the x-forwarded packets from DLP solution.

Br,

Shine

3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame
Cisco ASA firewall to read the x-forwarded packets 

Not sure what is the use case here for the ASA need to know x-forward address, Most cases when you proxy the traffic the ASA see Proxy IP as source address (most cases)  and make decision what is to be done based on the sources in simple ASA deployment.

unless you have other modules like IPS or any http inspection enabled.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Dear Balaji ,

Thanks for your reply.

Just one question , will the ASA can pull the original client IP from the x-forwarded packets.

We have ACP rules based on the original IP.

What Information does your DLC Proxy sent to ASA is very important.

ASA it self can not see  that inside IP information (personally i believe) - until you decrypt inside information.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Review Cisco Networking for a $25 gift card