Conditional policy on ASA - is it possible

Is it possible to configure a conditional policy on ASA? For example, I have 3 interfaces: Inside, Proxy and Outside. All http/https traffic from the inside users is going to Proxy (and passed to Outside thereafter). The rule explicitly blocks direct http/https traffic from Inside to Outside. Can I create a rule that enables (or disables the deny statement for) http/https traffic in case a Proxy device is not available (let's say an IP SLA probe detects it is down)?

 

Thank you

3 REPLIES

How are you directing traffic to the proxy? If it's via routing, you can make the route track an IP SLA operation.


The clients are configured with 'auto detect proxy settings', i.e. Internet Explorer users. The users cannot go directly because of the ACL. I want this ACL disabled once the proxy is not reachable.


I don't believe you can directly modify an access-list in response to an IP SLA operation. You may be able to use Embedded Event Manager (EEM) to accomplish this, however.

Here's a link to the EEM section of the ASA configuration guide (requires ASA 9.2(1) or later).
