Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1254
Views
0
Helpful
3
Replies

Conditional policy on ASA - is it possible

osimonov1
Level 1
Level 1

‎09-05-2014 08:29 AM - edited ‎03-11-2019 09:42 PM

Is it possible to configure a conditional policy on ASA, for example - I have 3 interfaces Inside, Proxy and Outside. All http/https traffic from the inside users ig going to Proxy (and passed to Outside thereafter). The rule explicitly blocks direct http/https traffic from Inside to Outside. Can I create a rule that enables (or disable deny statement) for http/https traffic in case a Proxy device is not available (let's say IP SLA probe detects it is down)?

 

Thank you

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-07-2014 07:36 PM

How are you directing traffic to the proxy? if it's via routing your can make the route track an IP SLA operation.

0 Helpful

osimonov1
Level 1
Level 1
In response to Marvin Rhoads

‎09-09-2014 01:53 PM

The clients are configured with 'auto detect proxy settings', i.e. internet exporer users. The users cannot go directly because of ACL. I want this ACL disabled once proxy is not reachable.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to osimonov1

‎09-09-2014 04:29 PM

I don't believe you can directly modify an access-list in response to an ip sla operation. You may be able to use Embedded Event Manager (EEM) to accomplish this however.

Here's a link to the EEM section of the ASA configuration guide (requires ASA 9.2(1) or later).

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card