redirect http traffic to an internal proxy

avburren1
Level 1

Hi,

I am using an ASA5510 and I want to know if it is possible to redirect HTTP traffic to an internal proxy software.

Let me explain:

PCs on the LAN use an internal proxy configured in their IE browser, but some other PCs don't use it. They are directly connected to the Internet using the public IP of the WAN interface (via NAT). Can we redirect this HTTP traffic from the WAN interface to the proxy on the LAN?

HTTP traffic would be routed like this: PC -> WAN interface -> Proxy -> WAN interface -> Internet

In fact, can we create a rule saying: all HTTP traffic which doesn't come from the proxy IP must be redirected toward the proxy?

Hope you understand.

Thank you

6 Replies

mirober2
Cisco Employee

Hello,

Take a look at the config guides for WCCP and URL filtering. Depending on what you want to achieve, one of those two features should accomplish what you're looking for:

WCCP:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_wccp.html

URL filtering:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_filter.html#wp1045692

Hope that helps.

-Mike

URL filtering requires having a Websense server or a Secure Computing SmartFilter server, and WCCP doesn't allow redirecting traffic toward a specific IP + port, so I think it's not possible to achieve what I want, or maybe I don't understand those two features?

Thanks.

No possibilities?

The ASA does not currently support a transparent proxy feature; however, it is on the roadmap.

After reading your post, you mention that some PCs have explicit proxy settings and some don't, hence you would like to redirect on the ASA if it's possible.

The easiest workaround:

- Block all outbound HTTP/HTTPS access on the ASA, except outbound from the proxy IP address. This will ensure that everyone else can't get to the Internet except via the proxy.

- Once you have implemented that, I am sure they'll learn that the only way to get Internet access is via the proxy.

The second option is to use the ASA DNAT feature (supported from ASA version 8.3 onwards). Your scenario of redirecting it after it gets out will definitely not work. I am thinking more of redirection on the inside interface, but I have never tested it.


Assuming that your internal network is 10.1.1.0/24 and the proxy server is 10.1.1.10:

object network obj-internet
     subnet 0.0.0.0 0.0.0.0
object network obj-10.1.1.0
     subnet 10.1.1.0 255.255.255.0
object network obj-proxy
     host 10.1.1.10
object service original-http
     service tcp destination eq www
object service proxy-8080
     service tcp destination eq 8080
nat (inside,inside) source static obj-10.1.1.0 obj-10.1.1.0 destination static obj-internet obj-proxy service original-http proxy-8080
same-security-traffic permit intra-interface

Again, I have never tested DNAT in and out of the same interface, but in theory it should work.

Let me know your thoughts.
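To make the two workarounds in the reply above concrete, here is an added example (not part of the thread and not Cisco code) that models them as plain Python policy functions: an access-list check that denies inside-to-Internet web traffic unless it originates from the proxy, and the twice-NAT rule as written, which rewrites any tcp/80 destination from 10.1.1.0/24 to the proxy on 8080. The addresses are the ones assumed in the post (10.1.1.0/24, proxy 10.1.1.10:8080); the remote address 203.0.113.5 and the `exempt_proxy` switch are constructed for the example. Running it shows one caveat worth checking before deploying the NAT rule: because the source object covers the whole /24, the proxy's own outbound HTTP would also match and be redirected back to itself unless the proxy is excluded.

```python
"""Model of the two ASA workarounds (added example, not from the thread).

Constructed values: inside network 10.1.1.0/24, proxy 10.1.1.10:8080 as in
the post; remote host 203.0.113.5 is a documentation address used as sample
input.  The ASA itself is not involved; this only evaluates the policy logic.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE_NET = ip_network("10.1.1.0/24")
PROXY_IP = ip_address("10.1.1.10")
PROXY_PORT = 8080
WEB_PORTS = {80, 443}   # HTTP and HTTPS, as in workaround 1


@dataclass(frozen=True)
class Flow:
    """One TCP flow seen entering the inside interface."""
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def acl_permits_outbound(flow: Flow) -> str:
    """Workaround 1: an inbound ACL on 'inside' that denies web traffic to
    non-local destinations unless the source is the proxy.  Everything else
    is permitted so non-web traffic is unaffected."""
    src = ip_address(flow.src)
    dst = ip_address(flow.dst)
    leaving_lan = dst not in INSIDE_NET
    if flow.proto == "tcp" and flow.dport in WEB_PORTS and leaving_lan:
        return "permit" if src == PROXY_IP else "deny"
    return "permit"


def twice_nat_translate(flow: Flow, exempt_proxy: bool = False) -> tuple:
    """Workaround 2: the 'nat (inside,inside) ... original-http proxy-8080'
    rule.  Source 10.1.1.0/24 to any destination on tcp/80 gets its
    destination rewritten to proxy:8080.  'exempt_proxy' is a hypothetical
    refinement (not in the post) that leaves the proxy's own traffic alone,
    which a real deployment would need to avoid redirecting it to itself."""
    src = ip_address(flow.src)
    matches = src in INSIDE_NET and flow.proto == "tcp" and flow.dport == 80
    if matches and exempt_proxy and src == PROXY_IP:
        matches = False
    if matches:
        return (str(PROXY_IP), PROXY_PORT)
    return (flow.dst, flow.dport)


def proxy_self_redirect(flow: Flow) -> bool:
    """True when the rule as written would send the proxy's own outbound
    HTTP back to the proxy, i.e. the loop the exemption prevents."""
    return (ip_address(flow.src) == PROXY_IP
            and twice_nat_translate(flow) == (str(PROXY_IP), PROXY_PORT))


if __name__ == "__main__":
    client = Flow("10.1.1.20", "203.0.113.5", 80)
    proxy_out = Flow("10.1.1.10", "203.0.113.5", 80)
    print("ACL, client to web:", acl_permits_outbound(client))       # deny
    print("ACL, proxy to web: ", acl_permits_outbound(proxy_out))    # permit
    print("NAT, client:", twice_nat_translate(client))               # proxy:8080
    print("NAT, proxy (as written):", twice_nat_translate(proxy_out))
    print("NAT, proxy (exempted):  ", twice_nat_translate(proxy_out, True))
    print("proxy would loop:", proxy_self_redirect(proxy_out))       # True
```

The model is deliberately narrow: it does not emulate ASA ordering of NAT sections or the `same-security-traffic permit intra-interface` requirement, only which flows a rule matches and what it does to them, which is enough to reason about who keeps Internet access and whether the proxy itself is caught by the redirect.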

Ok.

I'm using ASA v8.2. Are you sure DNAT isn't supported?

Thanks.

Yup, 100% sure DNAT is not supported in 8.2.
