Cisco Firewall :: 881W IP Configuring Auth Proxy

Apr 15, 2013

Platform: 881W
IOS: C880-DATA-UNIVERSALK9-M 15.0(1)M3
License: I have tried both advsecurity and advipservices
Problem: Configuring an auth-proxy redirect on successful authentication

Cisco's documentation states that when you are configuring auth-proxy, you may specify a URL to which the clients will be redirected when successfully authenticated. The command is: ip admission proxy http success redirect <url-string>

However, the command does not seem to exist on many of the later IOS versions. I am also unable to find any documentation with alternate methods of sending a redirection to the client after a successful authentication. Is this command deprecated? Is there a more efficient method of redirecting?


Cisco Firewall :: IP Admission Auth Proxy 881W

May 31, 2011

Platform:  881W
IOS: C880-DATA-UNIVERSALK9-M 15.0(1)M3
License:  I have tried both advsecurity and advipservices
Problem:  Configuring an auth-proxy redirect on successful authentication

Cisco's documentation states that when you are configuring auth-proxy, you may specify a URL to which the clients will be redirected when successfully authenticated.  The command is: ip admission proxy http success redirect <url-string>

However, the command does not seem to exist on many of the later IOS versions.  I am also unable to find any documentation with alternate methods of sending a redirection to the client after a successful authentication.  Is this command deprecated?  Is there a more efficient method of redirecting?
 
Documentation I am using:
URL


Cisco Firewall :: Configuring UC-Proxy On ASA 5505 Version 8.0?

Jan 24, 2012

I'm trying to configure UC-Proxy using an ASA 5505 with software version 8.0.4. I was following the instructions in DOC-5704 and ASA 8.0 CLI. I don't have USB security tokens in the UC solution; instead I'm using Cisco 7961 IP phones with MIC. I configured all the items as the documentation says, but when I restart the phone outside the firewall, the 7961 doesn't register with the Call Manager. Checking the troubleshooting, I found that certificate problems are possible, but I don't know if I need to do something on the phones.

I would like to know if there is any consideration when the UC proxy works just with MIC. The outside phone is a Cisco 7961 configured with a static IP address and the TFTP address of Call Manager (static NAT in ASA).


Configuring Dlink DIR-655 As AP On Network With 802.1x Auth

Sep 17, 2012

I am currently trying to set up my old Dlink DIR-655 Router as an Access Point in my dorm room. We are only given one ethernet port in the bedroom and dragging a 50ft ethernet cable between the bedroom and the common area in the suite is no fun. I have tried so far unsuccessfully. I think the problem is related to the 802.1x authentication that is used on the network. How to get it to work? So far I have disabled DHCP, UPnP and then plugged the first client LAN port into the ethernet port that is provided. I can connect to the router and access the admin panel but there is no connection to the internet. It also did not work plugging my computer into a second LAN port instead of connecting wirelessly.


Cisco VPN :: 881W ISR - EasyVPN With Firewall Setup

May 16, 2012

I'm in the process of setting up a working VPN/Firewall setup on an 881W ISR.  I have the firewall, NAT, and VPN working, and I'm able to connect remotely to my router.  The problem I am having is that none of my VPN clients can connect to the internet.  I suspect that my firewall rules may have something to do with this.  Let me break down what I have, and what I want to achieve:
 
1. My router is setup with VLAN1 (172.16.1.0/24) as the inside zone (in-zone), while my outside zone (out-zone) is FastEthernet4 (DHCP WAN Interface).  I also have a guest zone (guest-zone) VLAN12 (192.168.12.0/24) used for my guest SSID wireless, which is NATed to the outside zone.
 
2. I have my EasyVPN setup using a Virtual Template Interface that terminates at the WAN interface FastEthernet4 (something tells me this should be changed).  Should I terminate at VLAN1, or an interface or loopback on VLAN1?
 
3. I ultimately want the VPN users to be able to connect to the local resources on VLAN1 only, while being able to get out to the internet. [code]


Cisco Firewall :: Port Forwarding (ZBFW) On 881W?

Dec 27, 2011

I need to update my Cisco 881W config to allow port forwarding FROM the Internet TO the following inside device as follows:
 
IP Address:  192.168.1.254
Protocol:  TCP/UDP
Port: 5001

This device is a Slingbox Pro-HD and I want to be able to view it from the Internet.
 
Attached is a copy of my 881W config.  I am horrible at properly configuring my zone based firewall (ZBFW) config


Cisco Firewall :: 881W - Purpose And Logic Behind Consolidating First Class-map?

Jul 23, 2011

I really need help understanding some of the logic behind the default ZBFW settings on my Cisco 881W courtesy of Cisco Configuration Professional.  Here are my two questions:
 
1.)  What is the purpose and logic behind consolidating the first class-map (ccp-cls-insp-traffic) in to the second Class-Map (ccp-insp-traffic) as follows?
 
Code ....

2.) What is the purpose and logic of Policy-Map ccp-inspect is trying to drop traffic from ccp-invalid-src, which is filtering based on ACL 100:

policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-insp-traffic
  inspect
 class type inspect ccp-protocol-http
 class class-default
  drop

Code ....


Cisco :: Setting Transparent Proxy To A Proxy Running On A Client?

May 28, 2012

I would like to connect devices to my network so that their traffic passes through a proxy running on my computer. I figured the best way to do this is by setting the proxy on my router to the one I am running, but then I would need to have another connection to the computer running the proxy or else there would be an infinite loop ?? something like that. so:

Internet -> router (1) -> my proxy on comp A -> router (2) -> computer B


Cisco Firewall :: ASA5520 To Act As Web Proxy

Dec 15, 2012

I am using a squid proxy behind an ASA5520 firewall to collect the users to the internet. Squid is just necessary to log what is going on in order to find a quick solution when the internet slows down.
 
Considering that I have unlimited licenses and I would like to get rid of squid, I wonder if the ASA has some functionalities to track which websites are being used and how much traffic is generated. If there is not, I would like to know if Cisco offers a good product to replace Squid.


Firewall / Proxy For Static IP?

Jul 5, 2011

I have a server running the Windows Server 2003 OS. I have configured my web application on this server, which is accessible over the internet using a static IP. But I found that there is a risk of viruses on my server. That's why I now want to put this server behind a firewall/proxy, and I also don't want to share my static IP. Is there any way to keep the server protected using a firewall/proxy application which is free? Also tell me how to NAT the static IP.


Cisco Firewall :: Cut-Through Proxy Not Working With ASA5520

Jan 16, 2012

I'm trying to configure an ASA 5520 with cut-through proxy feature. The user is required to be authenticated when trying to access an outside resource from the inside. This is a test lab before it is implemented in production. [code]


Cisco Firewall :: 5555 ASA Disabling Proxy ARP

May 19, 2013

We just recently upgraded a 5540 ASA running 8.2 to a 5555 running 8.6.  I have a question concerning disabling proxy ARP with static NAT rules in place.  We have several instances where devices in a DMZ have a static NAT entry to the outside and a static NAT entry to the inside using the same IP.  My question is: if we disable proxy ARP on the inside interface, would that cause devices on the inside not to be able to reach the device in the DMZ? From what I have seen you don't want to disable it on the outside interface due to all the static NAT translations.  But we have some that have NAT translation going to the inside as well.  How does proxy ARP come into play there?  Below is a diagram of an example of the setup I am referring to.  This is on the new 5555 running 8.6.


Cisco Firewall :: ASA IPv6 NDP Proxy With 5505

Nov 26, 2011

I have a 5505 running 8.4, and my ISP is giving me a /64 IPv6 prefix. Basically, I have a subnet between my ASA and my ISP's box which is my outside, running into a private subnet (192.168.0.0), as most ISPs do. I have my ASA behind, and I'd like to turn on IPv6 for my inside hosts, but the problem is that I can't modify the routing on my ISP's side, and thus it will assume all hosts are directly connected on my outside. Thus, I would need some kind of Neighbor Discovery Proxy on the outside of the ASA. Is there such a feature?


Security / Firewalls :: Using Non-proxy Software Through Proxy?

Mar 31, 2012

I access the internet from my company's LAN, which has a restrictive firewall, so I cannot request the admin to open any ports manually for me. Hence I use a software called your-freedom. This proxy software supports both http as well as socks 4 and 5 proxy (by entering the proxy IP 127.0.0.1 (localhost) and Port 8080 for http proxy OR 1080 for Socks Proxy), and I have successfully been using web browsers and some other softwares that support proxy/allow proxy info to be entered to login/connect to the internet. Your-Freedom also supports port forwarding. However, the softwares I intend to use do not have any options to enter proxy methods or proxy ports (as far as I have noticed). I have tried to proxify these 2 softwares using softwares such as SocksCap and Free Cap, but either they don't work, or my settings in proxifying are not correct. I believe I will have to do port forwarding or proxify the softwares, but have been unable to do so in the correct manner.

Following is the info on the 2 softwares:

1. NOW Trading terminal: Normally when I start the NOW or Zerodha software, the software starts and I get a login screen, but under firewall conditions, I get the initial splash screen but then the software stops with the error: NOW Initialisation failed for Interactive Engine << os error>>.

2. PowerIndia Bulls: The software is written in Java and starts with a batch file (PowerIndiabulls.bat) located in C:UsersDEFAULT_USERNAMEAppD..... I converted this batch file to .exe (with battoexe software) and then ran it through a proxifying software. The .exe starts properly without proxifying software but not under a proxifying environment. Basically the software needs to connect to the internet using Port 443. I am also expected to keep ports 443, 41599 and 59598 open. The software's requirement is available at Indiabulls Securities: Indiabulls Securities is a leading capital market company offering securities broking and advisory services, depository services, equity research services to its clients in India. (item no. 5). To confirm, while the software is unable to connect through port 443, you will get an error message: "Connection to Login Server could not be established" when you try to login with any random Username and Password. To know that the software is able to connect properly, you will get an error: "This User ID is not enabled to be used with this product".


Cisco Firewall :: Debian Transparent Proxy With ASA 5520?

Apr 21, 2012

Recently I have installed an ASA 5520 (8.2) in my network. Earlier I was using my transparent proxy with a 2821 using the following configuration:

access-list 120 deny   ip host 192.168.112.12 any
access-list 120 permit tcp any any eq www
access-list 120 deny   ip any any
route-map PROXY-REDIRECT permit 10
 match ip address 120
 set ip next-hop 192.168.112.12
ip policy route-map PROXY-REDIRECT

and it was working fine. How can I use my transparent proxy with the ASA?


Cisco Firewall :: 5520 - ASA Phone Proxy After Failover?

Dec 3, 2012

I have a problem with my ASA phone proxy. I have two ASA 5520s in HA. I have 10 phones registered with the active primary ASA. If I execute the command show phone-proxy secure-session, I can see the phone sessions on the ASA.

If I run the same command on the passive ASA, I can't see the sessions replicated from the active member.

If I switch the cluster, the phones enter a registration loop and can't connect to the ASA that is now active.

If I switch back immediately (the sessions are still present on the first ASA), the phones register again and everything works.

The ASAs have version 8.4(5).

The phones are 7921G.

Is it normal that skinny doesn't start again and re-register the phones on the ASA that became active after failover?


Cisco Firewall :: Redirecting Traffic To Proxy From ASA 5505

May 20, 2011

I have an ASA 5505 with a base license. I would like to install a proxy server in my network. I configured the commands below to forward my traffic to the proxy server from my ASA.

If there is any configuration that I need to configure. And if possible, send me the configuration guide to set up the SQUID server. (Actually it was set up by the 3rd party vendor.)


Cisco Firewall :: ASA 5505 / One Way Audio For Phones Using IP Proxy?

Jun 5, 2011

I've got an ASA 5505 running 8.2 configured solely as an IP phone proxy. It is the default gateway for the CUCM box and PRI router, and its inside interface is directly attached to the same subnet as all internal phones as well. Calls can be placed from either end, but after the call is established, the proxy phone does not hear audio from internal or PSTN phones. The proxy phone registers with CUCM with the remote internal IP of the phone, which obviously cannot be reached by the corp network.

Debugging from the PRI router shows the RTP traffic destination is the internal IP address of the proxy phone, 192.168.0.50. Why is the phone registering with its internal IP 192.168.0.50 rather than its NATted external IP 50.50.50.50 that is reachable by CUCM and other phones? The proxy phone is a 7945; after it registers, I do not see it under sh phone-proxy secure-phones, or sh phone-proxy signaling-sessions while on a call.
 
ASA Proxy config
 
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.10.33.25 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 65.x.x.24 255.255.254.0
!
boot system disk0:/asa823-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name ----.com
same-security-traffic permit intra-interface
access-list inside_access_in extended permit ip host 10.10.33.10 any
access-list inside_access_in extended permit ip any host 10.10.33.10
access-list inside_access_in extended permit ip host 10.10.33.5 any
access-list inside_access_in extended

[code]....


Cisco Firewall :: ASA 5520 - How To Block Proxy Software

Apr 18, 2011

I have ASA5520 with CSC bundle. How can i block Proxy Softwares like Ultrasurf.....?


Cisco Firewall :: ASA 5520 - How To Block Proxy Over Secure Browser

Mar 24, 2011

Having some problems blocking users installing/using secure browser proxies. Currently running ASA 5520 ver. 8.3 & IPS SSM-20 7.0 (2) E4 & Websense web filtering. Able to block most proxy sites with Websense that use port 80, but recently found that some users are using products like Njutrino that use their own secure browser, which uses its own proxy over an SSL connection.


Cisco Firewall :: ASA5505 - Redirect ASA Traffic To Proxy Server?

May 20, 2011

I have an ASA5505 with a base license. I would like to install a proxy server in my network and I want to redirect traffic to the proxy server.

Below is the configuration I added in my firewall.

ASA(config)#access-list wccp-servers permit ip host 192.168.6.10 any
ASA(config)#access-list wccp-traffic permit ip 192.168.6.0 255.255.255.0 any
ASA(config)#wccp web-cache group-list wccp-servers redirect-list wccp-traffic
ASA(config)#wccp interface inside web-cache redirect in

Is further configuration needed, and if this configuration is enough, then how do I check whether it's working or not in my firewall?


Cisco Firewall :: ASA5520 Cut Through Proxy HTTPS Concurrent Connections

Jul 29, 2012

What are the limitations on the max number of concurrent HTTPS connections when using Auth Proxy for HTTPS traffic on a Cisco ASA 5520?
 
1) What is the max number of concurrent Authentications that the ASA can perform (HTTPS)?

2) Once Authenticated. What is the max number of concurrent HTTPS Authenticated connections to the back end HTTPS server.


Cisco Firewall :: 9971 Phones Supported For Phone Proxy?

Apr 28, 2011

Are the 9971 phones supported for phone proxy (since it's SIP, and SIP I think is not supported for phone proxy)?


Cisco Firewall :: ASA 5550 Proxy Inspector Drop Reset

Dec 19, 2012

Outside users with certain public ip addresses are not able to access our website.  Below is a log from our ASA 5550 8.2(5)  on one of the clients that's being dropped.  Packet trace result shows that the outside public addresses are allowed.  We do have a TAC case open.


Cisco Firewall :: ASA Version 9.0(1) / Configuring NAT On Intranet Firewall?

Dec 26, 2012

Configuring NAT on intranet firewall. Here is my topology:
 
  DMZ Network  - - - - - - - - - External Firewall   - - - - - - - - - Internet
                                                          |
                                                          |    
                                                          |
  Internal Network  - - - - - - - - - Internal Firewall  
 
1) I can ping the internal host from external firewall, internet firewall and DMZ network

2) Both ASA's are running OS Version 9.0(1)

3) ACL used permit IP any any, on both (i.e inside and outside)
 
NAT configuration on Internal Firewall  (Identity NAT)
 
object network MGMT-SRV-INSIDE
 subnet 10.10.10.0 255.255.255.192
object network MGMT-SRV-identity
 subnet 10.10.10.0 255.255.255.192
object network MGMT-SRV-INSIDE
 nat (Inside,Outside) static MGMT-SRV-identity

[code]....


Cisco :: IP Proxy-arp Vs Ip Local-proxy Arp

Jan 8, 2013

Anyone know the difference between these two on an MLS? Seems that proxy ARP as I know it works with or without the 'local' version.


Cisco Firewall :: ASA5510 - Redirect HTTP Traffic To Internal Proxy?

Feb 13, 2011

I am using an ASA5510 and I want to know if it is possible to redirect HTTP traffic to an internal proxy software. I explain: PCs on the LAN use an internal proxy in their IE browser, but some other PCs don't use it. They are directly connected to the Internet using the public IP from the WAN interface (via NAT). Can we redirect this HTTP traffic from the WAN interface to the proxy in the LAN?

HTTP traffic will be routed like this: PC -> WAN interface -> Proxy -> WAN interface -> Internet. In fact, can we create a rule saying: all HTTP traffic which doesn't come from the proxy IP must be redirected toward the proxy?


Cisco Firewall :: Configuring ASA 5505 Firewall

Sep 21, 2012

I am configuring a Cisco ASA 5505 firewall. In the office there is 1 x SBS 2008 server and 5 x PCs, all sat behind a Netgear DGN1000 ADSL router. We want to implement an ASA 5505 for added security. I have configured the internal interface of the Cisco ASA 5505 to be 192.168.0.1 - this is connected to the local switch. The client PCs use 192.168.0.1 as their default gateway. I have configured the external ASA 5505 interface to be x.x.x.217. [code] Change the current router status from Router/Firewall/Modem to Modem only (Bridge mode). The ASA 5505 has its outside interface connected into one of the LAN ports of the Netgear. The LAN port has an IP of 192.168.0.254.


Cisco Firewall :: ASA 5505 - Redirecting Http And Https Traffic To Proxy Server

Aug 5, 2008

I have an ASA 5505 that I am using to connect my contractors to via an inside interface, the outside interface is my private LAN. I have setup on our corporate Proxy server to allow traffic from my outside interface of my  ASA to go to the internet without credentials BUT log internet activity. The question is I want to know if the ASA can send that http & https traffic to my proxy server and all other traffic to my default route? I want to be able to send all internet traffic to my proxy server. This will avoid me asking the contractors to place proxy credentials in their browsers.


Making Linux Router / Firewall / Proxy From Dell Poweredge 1950?

Apr 7, 2012

Ok, so what I want to do is make a router/firewall/proxy (maybe add webserver/FTP as well). Just to start off I want to say that I have moderate knowledge of Linux, enough to administer it from the CL. I have setup routers before but it was years ago and I've forgotten some of the details involved. What I do is a base LAMP install, with DNS, Samba, DHCP server, OpenSSH and then Webmin for easier administration. I've also installed EHCP (easy hosting control panel) in the past but have not at this point.

So, what I want to know is how do I setup the NIC's in the etc/network/interfaces file. Let's say that eth0 connects to the modem and eth1 & 2 are internal adapters. Currently my network is running a Linksys WRT54GL with DD-WRT and the router is set to DHCP for the WAN connection and DHCP is running on the internal network as well. The modem is at 192.168.254.254 and is giving the router an address of 192.168.254.1 my internal network is 192.168.1.1 (192.168.1.0/24). I would like to setup my internal router address to 192.168.1.1 so I guess I need to set it to static in my interfaces config and then set my eth0 to dhcp. Does this sound correct?

So if I do the above my only question is how do I setup the routing tables after that? I always get messed up when I need to make the switch from my Linksys router to my Linux box. I'm not worried about firewall rules at first I can change those once I have the router up and running. I just don't know if I need to make some kind of bridge to bridge the eth0 and eth1 (external NIC and internal NIC).


Cisco Firewall :: 5510 Unmatched HTTP Traffic To Symantec Public Transparent Proxy

Sep 4, 2012

I am working on a task of redirecting any unmatched HTTP traffic to the Symantec public transparent proxy through a Cisco ASA. For the definition of unmatched HTTP traffic: we have inbound squid servers for deploying the IE proxy pac and redirecting the HTTP traffic to the Symantec public transparent proxy; however, we can't deploy the IE proxy pac to mobile devices and non-supported web browsers. Since we have some applications using the IE proxy setting for direct HTTP communication with external domains, the current Symantec policy adds those domains to the exception list so that they are not redirected to the Symantec public transparent proxy server.
 
-For the platform - Cisco ASA 5510 ASA 8.4(4)1

-For the solution, I have the following two nat rules


Cisco Firewall :: Configuring NAT In 8.3 Using DMZ 2

Sep 26, 2011

We have a requirement where we need to enable a dynamic NAT from DMZ-1 to Inside. I gave the command below, but for some reason it does not work.

nat (DMZ-2,Inside) source dynamic any interface

NOTE: The access-list is permitting all the traffic from DMZ-1 and Inside (for test)


Cisco Firewall :: Configuring NAT On ASA Running 8.3?

May 15, 2012

I'm having an issue configuring NAT on an ASA running 8.3. I've managed to configure NAT from the Inside interface to the DMZ, using PAT, so that the traffic is hidden behind the IP of the DMZ interface. This seems to work ok.

object network obj_any-18
 subnet 0.0.0.0 0.0.0.0
object network obj_any-18
 nat (inside,dmz1.005) dynamic interface

The problem I have is when I try to configure a rule for traffic that originates in the DMZ back to the Inside. I can't seem to get any traffic to flow from the DMZ to the Inside, and sometimes I manage to stop traffic flowing in both directions!

What would be the best way to configure the return traffic from the DMZ to the Inside?







