Cisco Firewall :: ASA 5520 - How To Block Proxy Software
Apr 18, 2011I have ASA5520 with CSC bundle. How can i block Proxy Softwares like Ultrasurf.....?
View 2 Replies
ADVERTISEMENT
Cisco Firewall :: ASA 5520 - How To Block Proxy Over Secure Browser
Mar 24, 2011Having some problems blocking users installing/using secure browsers proxy. Currently runing ASA 5520 ver. 8.3 & IPS SSM-20 7.0 (2) E4 & Websense web filtering. Able to block most proxy sites with Websense that use port 80 but recently found that some users using some products like Njutrino that use their own secure browser that use it's own proxy over SSL connection.
View 3 Replies View RelatedCisco Firewall :: Debian Transparent Proxy With ASA 5520?
Apr 21, 2012recently i have install asa 5520 (8.2) in my networks.Earlier I was using my transparent proxy with 2821 by the following configuration access-list 120 deny ip host 192.168.112.12 anyaccess-list 120 permit tcp any any eq wwwaccess-list 120 deny ip any any route-map PROXY-REDIRECT permit 10match ip address 120set ip next-hop 192.168.112.12 ip policy route-map PROXY-REDIRECT and was working fine. How i can use my transparent proxy with ASA?
View 2 Replies View RelatedCisco Firewall :: 5520 - ASA Phone Proxy After Failover?
Dec 3, 2012I have a problem with my asa phone proxy. i have two ASA 5520 in HA. I have 10 phone register with ASA active primary. if i execute the command show phone-proxy secure-session. i can see the phone session on the ASA.
if i perform the same command on the passive ASA i can't see the session replicated from the active member.
If i switch the cluster the phone enter in a registrating loop and can't connect to the ASA now active.
If i switch back immediately (the session are still present on the first asa) the phone register again and all works
the ASA have version 8.4(5)
the phone are a 7921g
is normal that the skinny don't start again and re-register the phone on the ASA that became active after failover?
Cisco Firewall :: ASA 5520 Block MSN Messenger
Mar 22, 2011I am runninng a ASA5520 and ASDM 6.2, I have recenly noticed some MSN traffic on our network. Is there a ASDM policy that I can apply to kill all MSN and Yahoo traffic ? I am looking to block this chat traffic on our network.
View 1 Replies View RelatedCisco Firewall :: ASA 5520 - How To Block LAN IP To Use WAN Resources
Nov 12, 2011I am getting to many teardown tcp connection for outside interface.
i want to block this ip using CISCO IPS or using A access-list in ASA 5520 .
Cisco Firewall :: Block TeamViewer On ASA 5520 8.2?
Jun 25, 2012I have the below policy-Map in my firewall,according to this policy map how can i block teamvirewer via asa 5520, i don't want the outside users to connect using teamviewer to their servers which is already ready up for teamviewer actions
i want to allow only 1 ip address to use team viewer (172.30.30.100)
class-map inspection_default
match default-inspection-traffic
!
!
[Code].....
Cisco Firewall :: ASA 5520 Cannot Block Incoming Traffic
Dec 12, 2012I was configure 3 interface on ASA1st - managemetn (only for management)2nd - gig0/0 is connected to internet with real IP3rd - gig0/1 is connected to local networkI was configure routed NAT to internet.But I have problem with restriction incomming traffic to inside interface (ifname is inside)but I can connect to ip address of inside interface from other ip. It is wrong and i can't understand where is my mistake.
View 2 Replies View RelatedCisco Firewall :: ASA 5520 / How To Block All Ultrasurf Application
Oct 10, 2012How can I block Ultrasurf Application?I have configured Cisco ASA 5520 with Cisco CSC-SSM module. I have blocked everything Except Business and banking activities.But user can access A 2 Z traffic through Ultrasurf.exe application. which bypasses all possible firewalls.How can I blocked this application?
View 1 Replies View RelatedCisco Firewall :: ASA 5520 - How To Block All Bypasses Application
Apr 29, 2011How can I block Ultrasurf Application?
I have configured Cisco ASA 5520 with Cisco CSC-SSM module.
I have blocked everything Except Business and banking activities.
But user can access A 2 Z traffic through Ultrasurf.exe application. which bypasses all possible firewalls.
How can I blocked this application?
Cisco Firewall :: ASA 5520 To Block Https Traffic But Users Are Able To Open Website
Jul 1, 2011We have ASA 5520 with CSC-SSM 20 and we want to block https traffic but when we are blocking https traffic http traffic going to block but user are able to open website.
View 1 Replies View RelatedHow To Block Proxy Server Websites
Oct 10, 2011how to block all proxy server websites in my router ( netgear brand ) so that no one can access anymore to the websites that i already restricted like facebook.
View 2 Replies View RelatedRouters / Switches :: Block All Proxy Server Websites?
Oct 10, 2011i just want to ask how can i block all proxy server websites in my router( any brand ) so that no one can access, like facebook i already block it in the router but they still access using proxy server website.
View 2 Replies View RelatedCisco Firewall :: ASA 5520 - Allow Traffic From DMZ To Internet And Block Traffic?
Apr 29, 2012I have an ASA 5520 with the below config
Gi0/0: outside (Internet)
Gi0/1: inside (Internal users)
Gi0/2: DMZ (web servers, ftp, Mail etc..)
I have a SMTP relay deployed on the DMZ for mailing. I have also a mail servers installed in the internal lan,
I want to allow trafic from dmz to reach internal lan, and i want normally also allow stmp relay from dmz to reach Internet.
How can i block trafic from DMZ to reach Internal Lan (instead of smtp) if the to allow trafic from dmz to internet i must put ANY in the policy?
For allowing trafic from DMZ to reach Internet, the policy must be DMZ -----> ANY ----->Services., this policy means DMZ can implicity reach Internal Lan?
Cisco VPN :: ASA 5520 - SSL HTTP-Proxy TMG Authentication Failed
Jul 2, 2012We have ASA 5520 as SSL VPN concentrator so users can access internal web from outside. Our internal web also has several internet URL. What we want is when user click internet URL in our internal web, ASA forward those request to internal proxy server. I already config proxy using port 8080 and username "companyuser" and password, but always have authentication failed on ssl vpn browser. We uses forefront TMG as proxy. Username and password have right to access Internet.
View 2 Replies View RelatedCisco VPN :: 5520 / Unable To Use Proxy Server With MAC OS X Anyconnect Client?
Dec 13, 2012I have a VPN setup thru a Cisco 5520, Windows clients connect just find and the end users configure there browser to use our internal proxy servers. Users with the MAC OS X Anyconnect client can connect, they configure their Mac to use our proxy server, but the broswers will not work, clients can reach networks and resources behind the VPN gateway and have access to the Proxy(Tried a telnet to that hostname/port). I am running ASA 8.3(2), Anyconnect(OS X) 3.1.01065.
View 3 Replies View RelatedCisco VPN :: ASA 5520 - Send PIX501 Traffic Out To Proxy Server?
Mar 17, 2011I currently have 90 remote locations that have PIX501's. They are all running 6.3 on them. All of these locations are creating an IPSEC VPN to my ASA 5520 (8.4) at the data center. Web access at the remote locations is currently being handled with ACL thru split tunnels. This is getting increasingly not fun as I have to reach out and touch them one at a time whenever I have to allow more access to the net. Code...
I would like to keep my split tunnel (if possible) for ports 443 and 21. I allow access to "any" on those ports and have no plans to change it.
Can I send port 80 down the VPN tunnel to the Proxy/Web Filter and then return the results to the Remote Client.
Cisco :: Setting Transparent Proxy To A Proxy Running On A Client?
May 28, 2012I would like to connect devices to my network so that their traffic passes through a proxy running on my computer. I figured the best way to do this is by setting the proxy on my router to the one I am running, but then I would need to have another connection to the computer running the proxy or else there would be an infinite loop ?? something like that. so:
Internet -> router (1) -> my proxy on comp A -> router (2) -> computer B
Cisco Firewall :: ASA5520 To Act As Web Proxy
Dec 15, 2012I am using a squid proxy behind an ASA5520 firewall to collect the users to the internet. Squid is just necessary to log what is going on in order to find a quick solution when the internet slows down.
Considering that I have unlimited licenses and I would like to get rid of squid, I wonder if the ASA has some functionalities to track which websites are being used and how much traffic is generated. If there is not, I would like to know if Cisco offers a good product to replace Squid.
Firewall / Proxy For Static IP?
Jul 5, 2011I have a server having windows server2003 os. I have configured my web application on this server which is accessible over internet using static ip. But I found that there is an risk of viruses on my server. Thats why now I want to configure this server behind the firewall/Proxy as well as dont want to share my static IP.Is there any way to keep server protected using firewall / Proxy application which is free. And also tell me how to nat the static ip.
View 4 Replies View RelatedCisco Firewall :: Cut-Through Proxy Not Working With ASA5520
Jan 16, 2012I'm trying to configure an ASA 5520 with cut-through proxy feature. The user is required to be authenticated when trying to access an outside resource from the inside. This is a test lab before it is implemented in production. [code]
View 15 Replies View RelatedCisco Firewall :: 5555 ASA Disabling Proxy ARP
May 19, 2013We just recently upgraded a 5540 ASA running 8.2 to a 5555 running 8.6. I have a question concerning disabling proxy ARP with static nat rules in place. We have several instance where devices in a dmz have a static nat entry to the outside and a static nat entry to the inside using the same IP. My question is if we disable proxy arp on the inside interface would that cause device on the inside not to be able to reach the device in the dmz? From what I have seen you don't want to disable it on the outside interface due to all the static nat translations. But we have some that are have nat translation going to the inside as well. How does proxy arp come into play there? Below is a diagram of an example of the setup I a referring to. This is on the new 5555 running 8.6
View 1 Replies View RelatedCisco Firewall :: ASA IPv6 NDP Proxy With 5505
Nov 26, 2011i have a 5505 running 8.4, and my ISP is giving me a /64 IPv6 Prefix. Basically, I have a subnet between my ASA and my ISP's box which is my outside, running into a private subnet (192.168.0.0), as most of ISP does.I have my ASA behind, and i'd like to turn on IPv6 for my inside hosts, but the problem is that I can't modify the routing on y ISP's side, and thus it will assume all host are directly connected in my outside. Thus, I would need some kind of Neighbor Discovery Proxy on the Outside of the ASA. Is there such feature ?
View 1 Replies View RelatedSecurity / Firewalls :: Using Non-proxy Software Through Proxy?
Mar 31, 2012I access the internet from my company�s LAN, which has a restrictive firewall, so I cannot request the admin to open any ports manually for me. Hence I use a software called your-freedom. This proxy software supports both http as well as socks 4 and 5 proxy (by entering the proxy IP 127.0.0.1 (localhost) and Port 8080 for http proxy OR 1080 for Socks Proxy), and I have successfully been using web browsers and some other softwares that support proxy/ allow proxy info to be entered to login/ connect to the internet. Your-Freedom also supports port forwarding.However, the softwares I intend to use do not have any options to enter proxy methods or proxy ports (as far as I have noticed). I have tried to proxify these 2 softwares using softwares such as SocksCap and Free Cap, but either they don�t work, or my settings in proxifying are not correct. I believe I will have to do port forwarding or proxify the softwares, but have been unable to do so in the correct manner.
Following is the info on the 2 softwares:
1.NOW Trading terminal:[FONT=Times New Roman]Normally when I start the NOW or Zerodha software, the software starts and I get a login screen, but under firewall conditions, I get the initial Splash screen but then the software stops with the error: [b][u]NOW Initialisation failed for Interactive Engine << os error>>.
2.PowerIndia Bulls:The software is written in Java and starts with a batch file (PowerIndiabulls.bat) located in C:UsersDEFAULT_USERNAMEAppD..... I converted this batch file to .exe (with battoexe software) and then ran it through a proxifying software. The .exe start properly without proxifying software but not under proxifying environment. Basically the software needs to connect to the internet using Port 443. I am also expected to keep ports 443, 41599 and 59598 open. software's requirement is available at Indiabulls Securities: Indiabulls Securities is a leading capital market company offering securities broking and advisory services, depository services, equity research services to its clients in India. (item no. 5).To confirm, while the software is unable to connect through port 443, you will get an error message: "Connection to Login Server could not be established" when you try to login with any random Username and Password.To know that the software is able to connect properly, you will get an error: "This User ID is not enabled to be used with this product".
Cisco Firewall :: 881W IP Configuring Auth Proxy
Apr 15, 2013Platform: 881WIOS: C880-DATA-UNIVERSALK9-M 15.0(1)M3License:
I have tried both advsecurity and advipservices
Problem: Configuring an auth-proxy redirect on seccessful authentication,Cisco's documentation states that when you are configuring auth-proxy, you may specify a url in which the clients will be redirected to when successfully authenticated.
The command is:,ip admission proxy http success redirect <url-string>,However, the command does not seem to exist on many of the latter IOS versions. I am also unable to find any documentation with alternate methods of sending a redirection to the client after a successful authentication. Is this command depricated? Is there a more efficient method of redirecting?
Cisco Firewall :: Redirecting Traffic To Proxy From ASA 5505
May 20, 2011I have ASA 5505 with base license. I like to install proxy server in my network.I configured below commands to forward my traffic to proxy server from my ASA.
If there is any configuration that i need to configure.And if possible send me the configuration guide to setup SQUID server. ( Actually it was set up by the 3rd party vendor)
Cisco Firewall :: ASA 5505 / One Way Audio For Phones Using IP Proxy?
Jun 5, 2011I've got an ASA 5505 running 8.2 configured for solely as an IP phone proxy, it is the default gateway for the cucm box and PRI router, its inside interface is directly attached to the same subnet as all internal phones as well. Calls can be placed from either end, but after call is established, proxy phones does not hear audio from internal or pstn phones. The proxy phone registers with cucm with the remote internal IP of the phone that obviously cannot be reached by corp network.
Debugging from pri router shows the rtp traffic destination is the internal ip address of the proxy phone 192.168.0.50, why is the phone registering with its internal IP 192.168.0.50 rather than its Natted external IP 50.50.50.50 that can be reachable by cucm and other phones?Proxy phone is a 7945, after it registers, I do not see it under sh phone-proxy secure-phones, or sh phone-proxy signaling-sessions while on a call.
ASA Proxy config
interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip address 10.10.33.25 255.255.255.0!interface Vlan2nameif outsidesecurity-level 0ip address 65.x.x.24 255.255.254.0!boot system disk0:/asa823-k8.binftp mode passivedns server-group DefaultDNSdomain-name ----.comsame-security-traffic permit intra-interfaceaccess-list inside_access_in extended permit ip host 10.10.33.10 anyaccess-list inside_access_in extended permit ip any host 10.10.33.10access-list inside_access_in extended permit ip host 10.10.33.5 anyaccess-list inside_access_in extended
[code]....
Cisco Firewall :: Configuring UC-Proxy On ASA 5505 Version 8.0?
Jan 24, 2012 I'm trying to configure UC-Proxy using an ASA 5505 with software version 8.0.4.I was following the instructions in DOC-5704 and ASA 8.0 CLI.I don't have USB security tokens in UC solution, instead I'm using IP phones Cisco 7961 with MIC.I configure all the items as the documentation says but when I restart the phone outside the Firewall, the 7961 don't registrate with the Call Manager.Checking the troubleshooting I found that it's possible certificates problems but I don't know if I need to do something in phones.
I would like to know if there is any consideration when the UC proxy works just with MIC.The outside phone is a Cisco 7961 configured with static IP address and TFTP address of Call Manager (static NAT in ASA).
Cisco Firewall :: IP Admission Auth Proxy 881W
May 31, 2011Platform: 881W
IOS: C880-DATA-UNIVERSALK9-M 15.0(1)M3
License: I have tried both advsecurity and advipservices
Problem: Configuring an auth-proxy redirect on seccessful authentication
Cisco's documentation states that when you are configuring auth-proxy, you may specify a url in which the clients will be redirected to when successfully authenticated. The command is: ip admission proxy http success redirect <url-string>
However, the command does not seem to exist on many of the latter IOS versions. I am also unable to find any documentation with alternate methods of sending a redirection to the client after a successful authentication. Is this command depricated? Is there a more efficient method of redirecting?
Documentation I am using:
URL
Cisco Firewall :: Block Ip Address From CLI At PIX Firewall Version 6.3(4)?
Oct 11, 2011I would like to know how can I block a ip address from the CLI at the Cisco PIX Firewall Version 6.3(4)
View 4 Replies View RelatedCisco Firewall :: ASA5505 - Redirect ASA Traffic To Proxy Server?
May 20, 2011I have ASA5505 with bese-license. I like to install proxy sever in my network and i want redirect traffic to the proxy server.
Below i added configuration in my firewall.
ASA(config)#access-list wccp-servers permit ip host 192.168.6.10 any ASA(config)#access-list wccp-traffic permit ip 192.168.6.0 255.255.255.0 any ASA(config)#wccp web-cache group-list wccp-servers redirect-list wccp-traffic ASA(config)#wccp interface inside web-cache redirect in
furher configuration and if this configuration is enough, then how to check whther its working or not in my firewall.
Cisco Firewall :: ASA5520 Cut Through Proxy HTTPS Concurrent Connections
Jul 29, 2012What are the limitations on the max number of concurrent HTTPS connections when using Auth Proxy for HTTPS traffic on a Cisco ASA 5520.
1) What is the max number of concurrent Authentications that the ASA can perform (HTTPS)?
2) Once Authenticated. What is the max number of concurrent HTTPS Authenticated connections to the back end HTTPS server.
Cisco Firewall :: 9971 Phones Supported For Phone Proxy?
Apr 28, 2011Is the 9971 phones supported for phone proxy (since it`s SIP and SIP i think it`s not supported for Phone proxy).
View 2 Replies View Related