cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
721
Views
0
Helpful
2
Replies

WSA Deployment with existing MS TMG Proxy Server

ngtransge
Level 1
Level 1

Hello,

I am interesting if it is possible to deploy WSA in front on MS TMG server.  So from user perspective first will be TMG server and second will be WSA. USER LAN ---à TMG --à WSA---à.INTERNET.

If it is possible, how authentication will be handled ?

2 Replies 2

I don't know if TMG and deal with an upstream proxy, but presumably, the TMG would auth the user, then the request would be handled by the WSA, and you wouldn't require the TMG to auth to the WSA...

I do know that the WSA can be configured to use an upstream proxy, from the menu Network>Upstream Proxy.  In that case, have the users auth to the WSA and then have the TMG trust any connections from the WSA...

Trying to do auth on both just sounds like you're looking for a world of complications...

Luis Silva Benavides
Cisco Employee
Cisco Employee

Hi,

It seems that that MS server does FW/IPS and other features.. so why don't you place the WSA between the MS server and the end users? I think it will work better since I also noticed that this server can also persom NAT.

HTH,

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva