I am using ASA5510 and i want to know if it is possible to redirect http traffic to an internal proxy software. I explain : PC from the LAN use a internal proxy in their IE browser but some other PC doesn't use it.They are directy connected to the Internet using the Public IP from the WAN interface ( via NAT). Can we redirected this HTTP Traffic from the WAN interface to the Proxy in the LAN ?
Http Traffic will be routed like that : PC -> WAN interface -> Proxy -> WAN interface -> Internet In fact,can we create a rule saying : All http traffic which doesn"t come from the IP Proxy must be redirected toward proxy.
i would like to use ISP2 for all http/https/ftp traffic.how could I force my ASA to set a different gateway for http/https/ftp traffic ?i have tried several solutions such as nat/pat rules, nothing seems to work.
Right now, in my network there is no proxy server and all users go straight through the ASA to access internet. I would like to put a squid with dansguardian (for web filtering). Steps in getting all http and https traffic from ASA go via my squid?
I have an ASA 5505 that I am using to connect my contractors to via an inside interface, the outside interface is my private LAN. I have setup on our corporate Proxy server to allow traffic from my outside interface of my ASA to go to the internet without credentials BUT log internet activity. The question is I want to know if the ASA can send that http & https traffic to my proxy server and all other traffic to my default route? I want to be able to send all internet traffic to my proxy server. This will avoid me asking the contractors to place proxy credentials in their browsers.
I am working on a task of redirecting any unmatched http traffic to Symantec public transparent proxy through Cisco ASA. For the definition of uncatched http traffic, we have inbound squid servers for deploying IE proxy pac and redirect the http traffic to Symantec public transpraent proxy, however we can't deploy IE proxy pac to mobile device and non-support web browers.Since we have some application using IE proxy setting for direct http communication with external domains, the current symantec policy addes those domains in the exception list so that they are not redirect to Symantec public transparent proxy server.
-For the platform - Cisco ASA 5510 ASA 8.4(4)1
-For the solution, I have the following two nat rules
So I have a proxy server in my home that all the computers use to access the internet (XP Pro). I edited the host file on the proxy to redirect traffic for various reasons (ad blocking, etc.) But I have noticed that it doesn't seem to affect the computers that use the proxy. For example one entry in the host file could be 127.0.0.1 abc123.com so that abc123.com would loopback to the localhost. For some reason this isn't working. Is there anyway to get this to work without changing the host file on each individual computer?
On a Catalyst 6509 switch I have configured wccp protocol in order to redirect the Http traffic to a Bluecoat SG8100. It was working fine until a new L3 interface implementation.Thereafter I was unable to redirect the http traffic due to an error reported from the Cat6509: [code] After some checks I supposed that the problem should be the UDP 2048 port connection between the Switch and the Bluecoat while the switch L3 port and the bluecoat are on the same Lan. A deep analysis found that the WCCP protocol seems to be as follow:
-Proxy address 10.64.28.240 to Switch Port 10.64.28.250 Here I Am -Switch Port 10.64.28.250 to Proxy address 10.64.28.240 I See You -Switch Port 10.66.0.251 to Proxy address 10.64.28.240 UDP 2048 packet (dropped by firewall)
It's strange to me that the first dialog is correctly handled by the correct Cat6509 interface while the UDP packets are flowing from another Vlan interface not configured with the WCCP and apparently not involved on the protocol.Last of all the WCCP is now disabled and unusable?
I want to redirect internal web traffic (browsing) to an external web server for Web, Virus and Spyware filtering. Those externals proxies are running in 8080 port. I have one ASA firewall and a Cisco 2600 router. I was thinking in doing PBR in the router but in the next hop I can only set one IP, not an IP and a port. So how can I redirect web traffic to an external proxy listening in 8080 port?
Foreach computer I need to go and configure the browser proxy settings and some people are getting smart and turn it to automatic configuration again.
So what i want to achieve is to have my DIR-655 to route all the HTTP/port 80 traffic to the proxy server. That way it is transparent and then it is not needed to configure each computers browser settings.
I am pretty new to this and the router configurations.
The proxy server works fine if i configure the browser manually.
Can the ACE appliance behave as a reverse proxy for http and ssl traffic? I would assume it can given how it does SLB but SLB is not a requirement at this time.
I am testing out some inspection options on an ASA 5505, and I am running into a situation in which applying a http inspection is dropping all outbound http traffic. I get a "protocol violation" error in the logs.
Here is the setup: I'm not sure why the web traffic is getting dropped.
policy-map type inspect dns preset_dns_map parameters message-length maximum client auto
We have Cisco ASA 5505, 90.x.y.2/29 IP is assigned to outside interface. We have one internal HTTP server so that I use static (inside,outside) tcp interface [URL] to forward all incoming HTTP traffic to internal HTTP server 1. Now we need to add new physical HTTP server 2 so that I would like to forward
HTTP traffic to e.g. 90.x.y.3/29 to 172.16.0.11.
How can I do that? See scenario image (scenario.png) if needed.
We have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server, where I can find the configuration example?
I need to redirect all http and https traffic from one source in a dmz network, to port tcp/8080 on a proxy server on the inside network.
The source device doesn't handle proxying very well, so i've been advised to redirect the tcp/80 and tcp/443 ports to tcp/8080 as it passes through the firewall.
I have an ASA5510 with CSC Module which is inspecting HTTP traffic. We need to be able to use http radio stations. Some radio stations work but some don't work. I excluded my computer ip address from the CSC filtering but i am still unable use certain radio stations. I thought since my computer is excluded from the CSC filtering and some radio stations don't work that it must be the firewall that is blocking the traffic. I removed the rtsp inspection and it won't work.
I have an ASA5510 running 8.2 code and I have over 200 static nats from the outside to the inside interface and that is how I expose our systems to the Internet. If this inside interface fails we also have a bypass interface that also terminates on the internal network but I am not sure how the nats will behave given they are statically mapped to the inside.
In the LAN network , we use a DHCP on a Windows2003Server. Is it Possible to Configure the remote VPN Clients to use this DCHPserver throughout the VPN IPSEC and Assigned Automatically IP when the connection is done?
We recently got a Cisco ASA 5510 Security Appliance and I have some general question.
We have 1 T1 internet connection, and we have 2 internal networks. These 2 internal networks currently hav access to the internet. I am having issues with the 2 internal networks being able to communicate with each other.
Cisco ASA 5510 directly facing the internet on E0/0 (1 Public IP only) with internal LAN on E0/1. Exchange 2010 OWA working fine with ACL and NAT rules configured.Problem:
•1. Cannot publish internal web servers to outside, have tried PAT. •2. Have multiple web servers to publish with all on one protocol (HTTP) to a single public IP which I don’t know if it’s possible on a ASA. •3.When SSL VPN is configured with Local user database, connecting from Anyconnect client gives a certificate error. Upon viewing the certificate it points to the internal mail server.
Currently my ASA5510 has a 64MB internal flash. Does the ASA require a higher capacity flash for an IOS upgrade from 7.2(x) to 8.2(x)? The Cisco Release Notes does not state any internal flash requirement, but just wanted to double check.
I am currently managing an ASA5510 using ASDM through the management port but I would like to manage the ASA through the internal port.
My concern is that I thought I remembered reading someplace that if you setup an internal port for management that it can't be used for anything else. Is this correct?
I only configured one internal port and it is the path to my LAN. I would hate to configure the port for management only to find that I disconnected my firewall from my internal network in the process. Can I use my one and only configured internal port for both ASA management and route from my LAN thru the ASA firewall?
I currently have the management port set to 192.168.1.1 and my internal interface is 10.1.1.1. If I open ASDM and connect thru the management port and select Configuration/Device Management/Management Access/ASDM/HTTPS/Telnet/SSH
select "ADD" select access type "ASDM/HTTPS" select interface "internal" IP Address "10.1.1.0" Mask "255.255.255.0"
Will that give me access to ASA management thru my internal network but cripple my network access to the ASA?
I have ASA 5505 with base license. I like to install proxy server in my network.I configured below commands to forward my traffic to proxy server from my ASA.
If there is any configuration that i need to configure.And if possible send me the configuration guide to setup SQUID server. ( Actually it was set up by the 3rd party vendor)
I have an ASA5510 running version 8.2(5) I am having an issue with routing/natting from an internal network to the outside interface IP on port 443 which has a nat back in to another internal address. i works externally in from a public address. i also see log messages to do with IP Spoofing
For a CSS with a SSL module (performing SSL termination) - is it possible to impliment a redirect on https URL to send to equivalent http URL.If my understanding is correct, the CSS will do SSL termination and then use an http content rule on the resultant http stream as it is recursively handled by the CSS ? This would mean that the SSL module has no way of seeing/acting on layer 5 and above data (i.e. picking up on a specific URL) and can not itself issue a redirect - i.e. you could not associate a redirect statement or service with the following ssl content rule ? [code]The CSS would instead rely on a http content rule to impliment a redirect - i.e. you would have to associate a redirect statement or service to the following http content rule instead?
But if the CSS is already handling traffic for existing url... traffic that is going to cause a loop when a client goes direct to. url...I realise the requirment is uncommon / a bit convoluted, its one of those don't ask type scenarios - aimed at achieving a specific requirement.Would the ACE 4710 be able to handle such a scenario any differently ?
I am trying to make a redirect from http to https. the goal is whenever a user writes in http://10.80.199.71 it should be redirected to https://10.80.199.71 I am just haveing some trouble making it work.
How to configure a redirection on the ACE from HTTP to HTTPS using specific URL example [URL] to [URL], the SSL certificates were installed on the servers.
I've got a HTTP Redirect to a dedicated html site with our internet usage policy set up on multiple WAP4410N access points.This is working like a charm with laptops, but not with internet radios. They can't connect to the internet probably freezing on the http redirected site.Is there any way to exclude these devices from the redirect?
I have tried search but found found anything for the 3750 switch about how to redirect HTTP, HTTPS & SMTP traffic to altenative gateway, than our standard gateway on our network, so here goes:
The network that need the HTTP, HTTPS and SMTP traffic redirect is 192.168.5.0/24 and should be redirect to 192.168.5.205 where as all other traffic need to be direct to 192.168.5.199.
Can the 3750 switch do this typo of refirect and if how?? I cannot find anything on the Cisco site stating how or even if it is possible!
I have a 2504 and my goal is to automatically redirect a users home page when they connect to a certain internal website. Authentication isn't a real concern just now.
Is it possible to simply have a users home page redirected when they open their browser upon connecting to the SSID? All of the documents available have stated to use 802.1x / RADIUS or other fancy tools.
My device has 3 interfaces configured: inside, outside, DMZ. Right now I can access the DMZ from the Internet and I can access the DMZ from the LAN using an exempt nat statement. I am having a few issues setting up DMZ > LAN access however. The servers running on the DMZ need to send information to my LAN such as syslog traffic for example. Will DMZ traffic be NATed or should this somehow be excluded? Bascially all LAN devices should get to the DMZ devices by their actual IP and vice versa. Are there any special statements I need to add to the ASA such as nat or ACLs to make this work? My LAN is 10.10.6.0/24 and DMZ is 192.168.254.0/24.
