Infrastructure: Internet FW <--> IPS <--> Core SW
RA VPN users terminate on the FW, and split tunneling is currently in place.
Adding a Bluecoat proxy in transparent mode; the main purpose is intercepting 'https' requests from internal clients for DLP (Data Loss Prevention). Not interested in web filtering. So the infrastructure after the proxy...
Internet FW <--> IPS <--> Transparent Proxy <--> Core SW
1. Is it a better place to add the proxy?
2. The current proxy does not have enough ports to add the FW DMZ inline. Is it normal practice to add a DMZ (with servers, no user PCs) to the proxy?
3. Now, if split tunneling is removed and the VPN clients are forced to use the organization's Internet, when the RA VPN users terminate on the FW, do their Internet requests still pass through the proxy? If not, how can they be made to pass through the proxy?
You might not want to do "route inside 0.0.0.0 0.0.0.0 tunneled", because all traffic (including all protocols and ports), even traffic that is not supposed to be destined for the proxy, will be routed to the proxy IP.
I believe that your proxy will only handle certain protocols, e.g. HTTP, HTTPS, FTP, etc., so if you configure the above tunnel default gateway for the VPN traffic, other applications, e.g. mail, DNS, etc., will be routed to the proxy server too.
Thanks again for the quick reply. But here the ASA will know the internal network via OSPF. What syntax may work: route inside or route outside (for RA VPN users to use the proxy for Internet traffic)? The BC is sitting 'inside' the ASA. Thanks again.