Cisco Firewall :: ASA5510 - Redirect HTTP Traffic To Internal Proxy?

Feb 13, 2011

I am using ASA5510 and i want to know if it is possible to redirect http traffic to an internal proxy software. I explain : PC from the LAN use a internal proxy in their IE browser but some other PC doesn't use it.They are directy connected to the Internet using the Public IP from the WAN interface ( via NAT). Can we redirected this HTTP Traffic from the WAN interface to the Proxy in the LAN ?
 
Http Traffic will be routed like that : PC ->  WAN interface -> Proxy -> WAN interface -> Internet In fact,can we create a rule saying : All http traffic which doesn"t come from the IP Proxy must be redirected toward proxy.

View 6 Replies


ADVERTISEMENT

Cisco Firewall :: Redirect HTTP / Ftp Traffic (ASA 5510)

Apr 25, 2011

i have the following scenario :
  
ISP1-------ASA 5510----------ISP2
                    |
                    |
                    |
                  LAN
 
i would like to use ISP2 for all http/https/ftp traffic.how could I force my ASA to set a different gateway for http/https/ftp traffic ?i have tried several solutions such as nat/pat rules, nothing seems to work.

View 7 Replies View Related

Cisco Firewall :: ASA5505 - Redirect ASA Traffic To Proxy Server?

May 20, 2011

I have ASA5505 with bese-license. I like to install proxy sever in my network and i want redirect traffic to the proxy server.
 
Below  i added configuration in my firewall.
 
ASA(config)#access-list wccp-servers permit ip host 192.168.6.10 any ASA(config)#access-list wccp-traffic permit ip 192.168.6.0 255.255.255.0 any ASA(config)#wccp web-cache group-list wccp-servers redirect-list wccp-traffic ASA(config)#wccp interface inside web-cache redirect in
 
furher configuration and if this configuration is enough, then how to check whther its working or not in my firewall.

View 1 Replies View Related

Cisco Firewall :: Redirect Http And Https Traffic From ASA 5520 Via Squid?

Dec 20, 2010

Right now, in my network there is no proxy server and all users go straight through the ASA to access internet. I would like to put a squid with dansguardian (for web filtering). Steps in getting all http and https traffic from ASA go via my squid?

View 18 Replies View Related

Cisco Firewall :: ASA 5505 - Redirecting Http And Https Traffic To Proxy Server

Aug 5, 2008

I have an ASA 5505 that I am using to connect my contractors to via an inside interface, the outside interface is my private LAN. I have setup on our corporate Proxy server to allow traffic from my outside interface of my  ASA to go to the internet without credentials BUT log internet activity. The question is I want to know if the ASA can send that http & https traffic to my proxy server and all other traffic to my default route? I want to be able to send all internet traffic to my proxy server. This will avoid me asking the contractors to place proxy credentials in their browsers.

View 6 Replies View Related

Cisco Firewall :: 5510 Unmatched HTTP Traffic To Symantec Public Transparent Proxy

Sep 4, 2012

I am working on a task of redirecting any unmatched http traffic to Symantec public transparent proxy through Cisco ASA. For the definition of uncatched http traffic, we have inbound squid servers for deploying IE proxy pac and redirect the http traffic to Symantec public transpraent proxy, however we can't deploy IE proxy pac to mobile device and non-support web browers.Since we have some application using IE proxy setting for direct http communication with external domains, the current symantec policy addes those domains in the exception list so that they are not redirect to Symantec public transparent proxy server.
 
-For the platform - Cisco ASA 5510 ASA 8.4(4)1

-For the solution, I have the following two nat rules

View 10 Replies View Related

Cisco Wireless :: WLC 5508 - Redirect Traffic To Web Proxy

Mar 1, 2013

We need to create Guest WLAN on WLC 5508 which will be used for internet access only. My questions are:
 
1. Is it possible to use our external web proxy server to authenticate users?

2. Can we also forward all traffic to the external web proxy to filter the websites that can be accessed (without configuring it on the browser)?

3. Can this be achieved using the L3 webauth?
 
Our topology:
 
WLC -- Switch -- ASA Firewall -- Internet -- External Web Proxy
 
We are using WLC as DHCP server for Guest WLAN with ASA Firewall as the gateway.

View 6 Replies View Related

Proxy Server / Host File - Redirect Traffic

Feb 16, 2012

So I have a proxy server in my home that all the computers use to access the internet (XP Pro). I edited the host file on the proxy to redirect traffic for various reasons (ad blocking, etc.) But I have noticed that it doesn't seem to affect the computers that use the proxy. For example one entry in the host file could be 127.0.0.1 abc123.com so that abc123.com would loopback to the localhost. For some reason this isn't working. Is there anyway to get this to work without changing the host file on each individual computer?

View 3 Replies View Related

Cisco Switching/Routing :: 6509 Unable To Redirect Http Traffic

Mar 26, 2012

On a Catalyst 6509 switch I have configured wccp protocol in order to redirect the Http traffic to a Bluecoat SG8100. It was working fine until a new L3 interface implementation.Thereafter I was unable to redirect the http traffic due to an error reported from the Cat6509: [code] After some checks I supposed that the problem should be the UDP 2048 port connection between the Switch and the Bluecoat while the switch L3 port and the bluecoat are on the same Lan. A deep analysis found that the WCCP protocol seems to be as follow:

-Proxy address 10.64.28.240 to Switch Port 10.64.28.250 Here I Am
-Switch Port 10.64.28.250 to Proxy address 10.64.28.240 I See You
-Switch Port 10.66.0.251 to Proxy address 10.64.28.240 UDP 2048 packet (dropped by firewall)
 
It's strange to me that the first dialog is correctly handled by the correct Cat6509 interface while the UDP packets are flowing from another Vlan interface not configured with the WCCP and apparently not involved on the protocol.Last of all the WCCP is now disabled and unusable?

View 4 Replies View Related

Cisco WAN :: 2600 - Redirect Web Traffic To External Proxy In Specific Port?

Jan 18, 2010

I want to redirect internal web traffic (browsing) to an external web server for Web, Virus and Spyware filtering. Those externals proxies are running in 8080 port. I have one ASA firewall and a Cisco 2600 router. I was thinking in doing PBR in the router but in the next hop I can only set one IP, not an IP and a port. So how can I redirect web traffic to an external proxy listening in 8080 port?

View 11 Replies View Related

D-Link DIR-655 :: Routing All HTTP / Port 80 Traffic To Proxy Server?

Jul 18, 2011

I have a setup like this.

Foreach computer I need to go and configure the browser proxy settings and some people are getting smart and turn it to automatic configuration again.

So what i want to achieve is to have my DIR-655 to route all the HTTP/port 80 traffic to the proxy server.
That way it is transparent and then it is not needed to configure each computers browser settings.

I am pretty new to this and the router configurations.

The proxy server works fine if i configure the browser manually.

View 6 Replies View Related

Cisco Application :: Can ACE (4710) Behave As Reverse Proxy For HTTP And SSL Traffic

Jul 12, 2011

Can the ACE appliance behave as a reverse proxy for http and ssl traffic? I would assume it can given how it does SLB but SLB is not a requirement at this time.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 - Http Inspection Dropping All Http Traffic

May 9, 2012

I am testing out some inspection options on an ASA 5505, and I am running into a situation in which applying a http inspection is dropping all outbound http traffic. I get a "protocol violation" error in the logs.
 
Here is the setup: I'm not sure why the web traffic is getting dropped.
 
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto

[Code].....

View 2 Replies View Related

Cisco WAN :: ASA 5505 - Forwarding All Incoming Traffic To Two Internal HTTP Server

Oct 2, 2011

We have Cisco ASA 5505, 90.x.y.2/29 IP is assigned to outside interface. We have one internal HTTP server so that I use static (inside,outside) tcp interface [URL] to forward all incoming HTTP traffic to internal HTTP server 1. Now we need to add new physical HTTP server 2 so that I would like to forward

HTTP traffic to e.g. 90.x.y.3/29 to 172.16.0.11.
 
How can I do that? See scenario image (scenario.png) if needed.

View 6 Replies View Related

Cisco Switching/Routing :: 6509 Use Policy Based Routing To Redirect Http Traffic

May 29, 2012

We have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server, where I can find the configuration example?

View 11 Replies View Related

Cisco Firewall :: Redirect Http / Https To Port 8080 PIX 6.3?

Feb 27, 2013

I need to redirect all http and https traffic from one source in a dmz network, to port tcp/8080 on a proxy server on the inside network.
 
The source device doesn't handle proxying very well, so i've been advised to redirect the tcp/80 and tcp/443 ports to tcp/8080 as it passes through the firewall.
 
Scenario is thus:
PIX 515E 6.3 (5)
DMZ server: 172.31.255.250 (Real IP), 10.44.181.236 (NAT IP)
Inside Proxy server: 10.44.132.28 (Real IP), 172.31.255.110 (NAT IP)
 
I've configured a static NAT redirect using the following command: static (inside,dmz) tcp 172.31.255.110 www 10.44.132.28 8080 netmask 255.255.255.255 0 0
 
When I try to add the next command of: static (inside,dmz) tcp 172.31.255.110 443 10.44.132.28 8080 netmask 255.255.255.255 0 0
 
I get the following error: ERROR: duplicate of existing static
 
Is there a work around for this at all or am I stuck with the limitations of the software?

View 2 Replies View Related

Cisco Firewall :: ASA5510 Need To Unblock Http Radio Stations

Apr 1, 2011

I have an ASA5510 with CSC Module which is inspecting HTTP traffic. We need to be able to use http radio stations. Some radio stations work but some don't work. I excluded my computer ip address from the CSC filtering but i am still unable use certain radio stations. I thought since my computer is excluded from the CSC filtering and some radio stations don't work that it must be the firewall that is blocking the traffic. I removed the rtsp inspection and it won't work.

View 1 Replies View Related

Cisco Firewall :: ASA5510 Static Nat From Outside To 2 Internal Interfaces?

Mar 18, 2012

I have an ASA5510 running 8.2 code and I have over 200 static nats from  the outside to the inside interface and that is how I expose our systems  to the Internet.  If this inside interface fails we also have a bypass  interface that also terminates on the internal network but I am not sure  how the nats will behave given they are statically mapped to the  inside.

View 1 Replies View Related

Cisco Firewall :: ASA5510 - Use Internal DHCP Throughout VPN IPSEC

Oct 19, 2011

I've a question about VPN IPSEC on ASA5510
 
In the LAN network , we use a DHCP on a Windows2003Server. Is it Possible to Configure the remote VPN Clients to use this DCHPserver throughout the VPN IPSEC and Assigned Automatically IP when the connection is done?

View 1 Replies View Related

Cisco Firewall :: ASA5510 - Connect 2 Internal Networks

Apr 26, 2011

We recently got a Cisco ASA 5510 Security Appliance and I have some general question.

We have 1 T1 internet connection, and we have 2 internal networks.  These 2 internal networks currently hav access to the internet.  I am having issues with the 2 internal networks being able to communicate with each other.

View 2 Replies View Related

Cisco Firewall :: ASA5510 Cannot Publish Internal Web Servers To Outside

Mar 26, 2013

Cisco ASA 5510  directly facing the internet on E0/0 (1 Public IP only) with internal  LAN on E0/1. Exchange 2010 OWA working fine with ACL and NAT rules  configured.Problem:

•1. Cannot publish internal web servers to outside, have tried PAT.
•2. Have multiple web servers to publish with all on one protocol (HTTP) to  a single public IP which I don’t know if it’s possible on a ASA.
•3.When SSL VPN is configured with Local user database, connecting from  Anyconnect client gives a certificate error. Upon viewing the  certificate it points to the internal mail server.

View 7 Replies View Related

Cisco Firewall :: ASA5510 Internal Flash Requirement For IOS 8.2(5) Upgrade?

Dec 21, 2012

Currently my ASA5510 has a 64MB internal flash.  Does the ASA require a higher capacity flash for an IOS upgrade from 7.2(x) to 8.2(x)?  The Cisco Release Notes does not state any internal flash requirement, but just wanted to double check.

View 2 Replies View Related

Cisco Firewall :: Managing ASA5510 Using ASDM Via Internal Interface

May 17, 2012

I am currently managing an ASA5510 using ASDM through the management port but I would like to manage the ASA through the internal port.
 
My concern is that I thought I remembered reading someplace that if you setup an internal port for management that it can't be used for anything else.  Is this correct?
 
I only configured one internal port and it is the path to my LAN.  I would hate to configure the port for management only to find that I disconnected my firewall from my internal network in the process.  Can I use my one and only configured internal port for both ASA management and route from my LAN thru the ASA firewall?
 
I currently have the management port set to 192.168.1.1 and my internal interface is 10.1.1.1.  If I open ASDM and connect thru the management port and select Configuration/Device Management/Management  Access/ASDM/HTTPS/Telnet/SSH
 
select "ADD"
select access type "ASDM/HTTPS"
select interface "internal"
IP Address   "10.1.1.0"
Mask       "255.255.255.0"
 
Will that give me access to ASA management thru my internal network but cripple my network access to the ASA? 

View 6 Replies View Related

Cisco Firewall :: Redirecting Traffic To Proxy From ASA 5505

May 20, 2011

I have ASA 5505 with base license. I like to install proxy server in my network.I configured below commands to forward my traffic to proxy server from my ASA.

If there is any configuration that i need to configure.And if possible send me the configuration guide to setup SQUID server. ( Actually it was set up by the 3rd party vendor)

View 1 Replies View Related

Cisco Firewall :: ASA5510 - Routing / NATing From Internal Network To Outside Interface IP

Jun 3, 2012

I have an ASA5510 running version 8.2(5) I am having an issue with routing/natting from an internal network to the outside interface IP on port 443 which has a nat back in to another internal address. i works externally in from a public address. i also see log messages to do with IP Spoofing

View 1 Replies View Related

Cisco Application :: CSS Or ACE 4710 Redirect HTTPS To Http

Feb 27, 2012

For a CSS with a SSL module (performing SSL termination) - is it possible to impliment a redirect on https URL to send to equivalent http URL.If my understanding is correct, the CSS will do SSL termination and then use an http content rule on the resultant http stream as it is recursively handled by the CSS ? This would mean that the SSL module has no way of seeing/acting on layer 5 and above data (i.e. picking up on a specific URL) and can not itself issue a redirect - i.e. you could not associate a redirect statement or service with the following ssl content rule ? [code]The CSS would instead rely on a http content rule to impliment a redirect - i.e. you would have to associate a redirect statement or service to the following http content rule instead?
 
But if the CSS is already handling traffic for existing url...  traffic that is going to cause a loop when a client goes direct to. url...I realise the requirment is uncommon / a bit convoluted, its one of those don't ask type scenarios - aimed at achieving a specific requirement.Would the ACE 4710 be able to handle such a scenario any differently ?

View 7 Replies View Related

Cisco Application :: ACE 4710 - Redirect HTTP To HTTPS?

Jun 21, 2012

I am trying to make a redirect from http to https. the goal is whenever a user writes in http://10.80.199.71 it should be redirected to https://10.80.199.71 I am just haveing some trouble making it work.

View 4 Replies View Related

Cisco Application :: ACE 4700 Redirect HTTP To HTTPS?

Feb 6, 2013

How to configure a redirection on the ACE from HTTP to HTTPS using specific URL example [URL] to [URL], the SSL certificates were installed on the servers.

View 7 Replies View Related

Cisco Wireless :: WAP4410N HTTP Redirect And Internet Radios

Mar 12, 2013

I've got a HTTP Redirect to a dedicated html site with our internet usage policy set up on multiple WAP4410N access points.This is working like a charm with laptops, but not with internet radios. They can't connect to the internet probably freezing on the http redirected site.Is there any way to exclude these devices from the redirect?

View 3 Replies View Related

Cisco Switching/Routing :: HTTP Redirect Using 3750 Switch

Sep 16, 2012

I have tried search but found found anything for the 3750 switch about how to redirect HTTP, HTTPS & SMTP traffic to altenative gateway, than our standard gateway on our network, so here goes:
 
The network that need the HTTP, HTTPS and SMTP traffic redirect is 192.168.5.0/24 and should be redirect to 192.168.5.205 where as all other traffic need to be direct to 192.168.5.199.
 
Can the 3750 switch do this typo of refirect and if how?? I cannot find anything on the Cisco site stating how or even if it is possible! 

View 2 Replies View Related

Cisco Wireless :: HTTP Redirect - 2504 WLAN Controller

Apr 23, 2012

I have a 2504 and my goal is to automatically redirect a users home page when they connect to a certain internal website. Authentication isn't a real concern just now.

Is it possible to simply have a users home page redirected when they open their browser upon connecting to the SSID? All of the documents available have stated to use 802.1x / RADIUS or other fancy tools.

View 3 Replies View Related

Cisco Firewall :: Configure HTTP Traffic To ISP2 And Static NAT To ISP1 On ASA5520?

Jun 20, 2011

is this possible to configure HTTP traffic to ISP2 and Static NAT to ISP1 on ASA5520?

View 2 Replies View Related

Cisco Firewall :: ASA5510 Allow Traffic From DMZ To LAN

Sep 18, 2011

My device has 3 interfaces configured: inside, outside, DMZ.  Right now I can access the DMZ from the Internet and I can access the DMZ from the LAN using an exempt nat statement.  I am having a few issues setting up DMZ > LAN access however.  The servers running on the DMZ need to send information to my LAN such as syslog traffic for example.  Will DMZ traffic be NATed or should this somehow be excluded?  Bascially all LAN devices should get to the DMZ devices by their actual IP and vice versa.  Are there any special statements I need to add to the ASA such as nat or ACLs to make this work?  My LAN is 10.10.6.0/24 and DMZ is 192.168.254.0/24.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved