I am trying to use WSA for AnyConnect users.
I have now configured the following group-policy:
group-policy ANYCONNECT_PROXY_TEST internal
group-policy ANYCONNECT_PROXY_TEST attributes
 dns-server value 10.0.0.5 10.0.0.6
 vpn-simultaneous-logins 3
 vpn-filter value ANYCONNECT_PROXY_TEST_FILTER
 vpn-tunnel-protocol ikev2
 password-storage enable
 split-tunnel-policy tunnelall
 msie-proxy method use-pac
 msie-proxy pac-url value http://10.0.0.25/wpad.dat
 msie-proxy lockdown enable
 address-pools value POOL_ALL_10_ACCESS
 webvpn
  anyconnect keep-installer installed
  anyconnect ask enable
I have not enabled dynamic NAT for the pool POOL_ALL_10_ACCESS.
Now AnyConnect clients can view web pages through the proxy (IronPort S170).
But I need to allow access to email via SMTP, IMAP and POP3.
What are the best practices for this?
I could enable dynamic NAT for the pool POOL_ALL_10_ACCESS and filter all protocols except the needed ones in the ACL ANYCONNECT_PROXY_TEST_FILTER.
Can I do it some other way?
Thanks!