09-05-2014 08:29 AM - edited 03-11-2019 09:42 PM
Is it possible to configure a conditional policy on ASA? For example, I have 3 interfaces: Inside, Proxy and Outside. All http/https traffic from the inside users is going to Proxy (and passed to Outside thereafter). The rule explicitly blocks direct http/https traffic from Inside to Outside. Can I create a rule that enables (or disables the deny statement) for http/https traffic in case a Proxy device is not available (let's say IP SLA probe detects it is down)?
Thank you
09-07-2014 07:36 PM
How are you directing traffic to the proxy? If it's via routing, you can make the route track an IP SLA operation.
09-09-2014 01:53 PM
The clients are configured with 'auto detect proxy settings', i.e. Internet Explorer users. The users cannot go directly because of the ACL. I want this ACL disabled once the proxy is not reachable.
09-09-2014 04:29 PM
I don't believe you can directly modify an access-list in response to an IP SLA operation. You may be able to use Embedded Event Manager (EEM) to accomplish this, however.
Here's a link to the EEM section of the ASA configuration guide (requires ASA 9.2(1) or later).