WSA P1 & P2 routing table

Hi,

I need some clarity on the scenario below.
I want to utilize M1, P1 & P2 interfaces in WSA S695.

Connectivity Setup.
M1 is set to out of band management.
Firewall gig1/1 IP 192.168.1.2/28------WSA P1 IP 192.168.1.1/28 (virtual IP 192.168.1.3/28)
Firewall gig1/2 IP 192.168.2.2/28------WSA P2 IP 192.168.2.1/28

P1 is used for inbound traffic from user machines to the WSA.
P2 is used for outbound traffic to the internet from the WSA.

Suppose I want identification based authentication for 10.0.0.0/23 clients for the proxy: how do I set up the routing table for P1 and P2?

P1 is connected to the firewall for proxy traffic, where client traffic (explicit proxy) hits the VIP address 192.168.1.3.

Accepted Solutions

Firewall gig1/1 IP 192.168.1.2/28------WSA P1 IP 192.168.1.1/28 (virtual IP 192.168.1.3/28)

The above one is not clear to me. Explain more.

I want to utilize M1, P1 & P2 interfaces in WSA S695. - this is a standard setup

M1 for MGMT

P1 inside

P2 Outside - you set up this routing to go out.

Suppose if I want identification based authentication for 10.0.0.0/23 clients for proxy,

there are 2 ways you can do this here.

Option 1:

You need to create an identity profile with the subnet.

Create an access policy for what action is required, what is allowed and what is not allowed.

Option 2:

If you have any other authentication based network like AD, you can use that as the source and make the access policy, whichever works for the business.

The deployment guide is still valid for reference:

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-smart-business-architecture/sba_webSec_dg.pdf

My blog has some videos for reference:

https://www.balajibandi.com/?s=WSA&paged=3



BB


*** Rate All Helpful Responses ***
