I'm trying to setup a Application specific proxy. I have tried everything that I could find via Google search and nothing seems to work. All the proxy servers I have found seem to be centered around web browsers such as IE, and firefox.
View 2 Replies
I want to redirect internal web traffic (browsing) to an external web server for Web, Virus and Spyware filtering. Those externals proxies are running in 8080 port. I have one ASA firewall and a Cisco 2600 router. I was thinking in doing PBR in the router but in the next hop I can only set one IP, not an IP and a port. So how can I redirect web traffic to an external proxy listening in 8080 port?
View 11 Replies View RelatedI have an ACE4710 with a few basic farms running and it works great however I now need to implement an SSL proxy service for the first time. The requirement is that clients who are already using FQDN's need to be sent to diffent real server IP addresses as each client will have their own VM. All the clients will use the same global IP address with different A records.
View 1 Replies View RelatedAny upgrade path to mitigate this recent tls1.0 and sslv3 exploit?
View 1 Replies View RelatedAm I able to use an SSL cert in the proxy list for the same VIP but on a different port?
View 1 Replies View RelatedAs per CISCO QoS document URL, IOS from 12.2(13)T support drop command in policy map. But our CISCO ASR 1013 having IOS of Version 15.2(1)S1 doesn't have drop syntax.How can we drop specific application using QoS in ASR 1013 of IOS version 15.2 and higher?,Can I allow few users for a particular application (like P2P) and drop other users based on users source IP?
View 2 Replies View RelatedCan the ACE appliance behave as a reverse proxy for http and ssl traffic? I would assume it can given how it does SLB but SLB is not a requirement at this time.
View 2 Replies View Relatedis it possible to construct the L7 HTTP class-map expression to match all URLs except one? I have 1 correct url, for example: /correcturl.* and want to redirect requests to all other possible URLs to this one, without the need to list them all in "possitive match" statements.
View 6 Replies View RelatedHow would I set up my own anonymous proxy server with my own ip address without having to go on a proxy list site? I don't care how complicated or time consuming it may be, I'm a very fast learner and I do things extremely quickly.
View 3 Replies View Relatedi want to acces the video content of the Dutch television channels, but i am living abroad, they track the ip, see i am not in holland and dont show the content. There are some companies providing a vpn subscription in the Nethderlands for 15 Euro a month and that works perfect, just its a little expensive. Now my hope was to buy a seccond hand vpn router, that i want to put at my parents place in holland, and some how use it in the same way as the vpn service of the company. So using it to connect, and browsing trough this connection to get a Dutch ip.
View 2 Replies View Related"How do i setup a proxy correctly using firefox?"I forgot what addon it was that i was trying to use, proxy fox i assume. If there any better firefox proxy addon that i can use i will be happy to use.I want to know the steps to make the proxy work correctly, because i like to be anonymous as possible when using the internet. I don't care about internet speed.
View 3 Replies View RelatedCurrently using WCCP with squid for content filtering. One of our sites we connect to needs to see the connection coming from our public IP address, not the proxy server IP. I've created a acl in squid for direct lookup, but the website gets angry with the X-Forwarder-Header squid attaches to each packet. Is there a way in a cisco ASA 5505 to bypass wccp for a specific public ip address or url?
View 4 Replies View RelatedI have a wireless router and own net work at my office I would like to be able to set up a proxy server in order to prevent certain users from reaching specific sites.
View 1 Replies View RelatedI am facing problem with ACE configuration. I want to redirect 443 traffic to my Proxy Server. But I am not able to do this. I want to redirect only subnet 192.168.80.0/24..Then only it is working but I dont have to have this policy to be applied on all the users only one subnet I want to have under HTTPS policy.
how can I apply the policy only on specific subnet so that port 443 traffic can be redirect and rest of all subnets can go direclty to Internet.
I want to setup a proxy server and also to create a group policy on proxy that will take effect on two ou's of staff and executives (150 plus pcs) on the executives ou I want the gpo to be only be effective when dey re in the office and non effective when they are outside the office and which to use their own personal internet modem.
View 1 Replies View RelatedI Changed my old firewall by an ASA5510, since that change my internet connexion is slower.Some websites takes longer to display.I would like to know if there are some specific configuration about TCP connection or DNS to setup?
I just configured the ISP DNS :
Dns server-group DefaultDNSname-server 194.2.0.20 name-server 194.2.0.50
Working on setting up a Cisco 10008 with PPPOE and it seems like we kind of have it working but only one user can get on.
Here is part of the config:
Cisco-10008#show run
Building configuration...
Current configuration : 4134 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
Also is there a way to show a specific user once they are connected with PPPOE? I'm currently using "show aaa sessions", but was thinking it would be "show pppoe something"
Trying to get a service setup with a third party to access our system (ERP web service to access our ERP data, making data available to customers and vendors via internet). They require that I setup four external IP addresses to have access through the firewall. I haven't figured out how to do this. I'm using a Linksys WRV200 router.
View 1 Replies View RelatedI would like to connect devices to my network so that their traffic passes through a proxy running on my computer. I figured the best way to do this is by setting the proxy on my router to the one I am running, but then I would need to have another connection to the computer running the proxy or else there would be an infinite loop ?? something like that. so:
Internet -> router (1) -> my proxy on comp A -> router (2) -> computer B
I access the internet from my company�s LAN, which has a restrictive firewall, so I cannot request the admin to open any ports manually for me. Hence I use a software called your-freedom. This proxy software supports both http as well as socks 4 and 5 proxy (by entering the proxy IP 127.0.0.1 (localhost) and Port 8080 for http proxy OR 1080 for Socks Proxy), and I have successfully been using web browsers and some other softwares that support proxy/ allow proxy info to be entered to login/ connect to the internet. Your-Freedom also supports port forwarding.However, the softwares I intend to use do not have any options to enter proxy methods or proxy ports (as far as I have noticed). I have tried to proxify these 2 softwares using softwares such as SocksCap and Free Cap, but either they don�t work, or my settings in proxifying are not correct. I believe I will have to do port forwarding or proxify the softwares, but have been unable to do so in the correct manner.
Following is the info on the 2 softwares:
1.NOW Trading terminal:[FONT=Times New Roman]Normally when I start the NOW or Zerodha software, the software starts and I get a login screen, but under firewall conditions, I get the initial Splash screen but then the software stops with the error: [b][u]NOW Initialisation failed for Interactive Engine << os error>>.
2.PowerIndia Bulls:The software is written in Java and starts with a batch file (PowerIndiabulls.bat) located in C:UsersDEFAULT_USERNAMEAppD..... I converted this batch file to .exe (with battoexe software) and then ran it through a proxifying software. The .exe start properly without proxifying software but not under proxifying environment. Basically the software needs to connect to the internet using Port 443. I am also expected to keep ports 443, 41599 and 59598 open. software's requirement is available at Indiabulls Securities: Indiabulls Securities is a leading capital market company offering securities broking and advisory services, depository services, equity research services to its clients in India. (item no. 5).To confirm, while the software is unable to connect through port 443, you will get an error message: "Connection to Login Server could not be established" when you try to login with any random Username and Password.To know that the software is able to connect properly, you will get an error: "This User ID is not enabled to be used with this product".
configured my GSS to setup traps to snmp server ,but the snmp server is not receiving any traps from GSS
snmp-server enable
snmp-server community-string public ro
snmp-server host 10.19.41.11 public traps version 2 udp-port 162
[Code]......
I have installed anm 4.3 and is trying to setup monitoring my css11506. I have added the device and on the monitoring-setting-polling status, said the polling configuration is enabled, but the polling status time out.
The css11506 snmp configure as:
snmp trap-type enterprise
snmp cmmunity xxxxx read-only
snmp name "anm v4.3"
[code]...
How to correct it?
I need to setup new ACE 4710 device , after referring to "Establishing a Console Connection on the ACE" i had managed to set up initial console connection. During installtion i had configured vlan (default vlan 1000) , interface ip adess& subnet mask.
Post initial config i understand i should be able to open' Device Manager GUI Login Window' but it is not opening.I also need inputs on setting 4710 for the telnet connection
Is it possible to enable an absolute value rate limit using QOS on a HP ProCurve 5406 switch for a particular IP range on a specific port? Is there a way to configure our HP 5406 with an absolute rate limit on "WAN" port for that server's IP range? I would like to limit it to only being capable of sending 1Mbps worth of traffic over the head end at once.Everything in the documentation points towards priority queues, which as far as I can tell, isn't really what I want.Baring accomplishing this goal using rate limiting is there a better way to prevent our services from accidentally saturating this connection?i thimkong about somthing like that:
class ipv4 rate-limit-port-A1
match ip 10.136.0.0/16 any
exit
policy qos port-a1-ratelimit
class servers-to-be-slowed action rate-limit kbps 1000
exit
interface A1 service-policy port-a1-ratelimit inI'm not sure about this.
I use a router RV082 with load balancing. My problem is when I try to access a specific site, I get the error message that my IP address changes and I can not use 2 ip address. I want to specify an ip range to always use the same WAN port.
View 2 Replies View RelatedBelkin Setup / Router monitor application has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.
View 1 Replies View RelatedI have setup load-balancing on an ACE 4710 for HTTP for Sharepoint 2010. The Server Admin says that the IIS server will recognize the right site by DNS name. Problem is I have no clue how to make sure the servers get the DNS name passed to them. They says this is for a multi-homing setup so that we can run multiple sites using the same VIP to the same Serverfarm. How do I do this? I keep getting the IIS splash page since the real server cannot determine the IIS site that I am supposed to access.
View 2 Replies View RelatedIm trying to make a ACE+caching setup work. Ace is running A5(1.2)Content types considered static (like images, stylesheets and javascripts) should be fetched from caches instead of servers.Content from the caches that can be compressed should be compressed by the ACE (stylesheets and javascripts).I am classifying traffic into * static, not compressable (content should be fetched from caches but is already compressed - this class will hold .jpg, .gif, .png, .ico and others - but for this experiment the class is defined with only (a never to be hit) content type .xico* static, compressable (content should be fetched from caches but can be compressed by the ACE - this class will hold .css and .js but for this experiment is defined only with (never to be hit) content types .xjs and .xcssother For statistics purpose I have included a catch all class for everything else (which shold be send to servers) - class-default is configured but will not be hit in this example because of the catch-all class I configured.Since both "STATIC" classes include only content types that has been renamed to content types not used in the real world, I will not expect any hits on those and since WWW.SITENAME.COM:80_STATIC_COMPRESSABLE is the only class configured for compression I expect that nothing will be compressed since there wil be no hits on this class.
This is how it looks in the configuration:
class-map type http loadbalance match-any WWW.SITENAME.COM:80_STATIC_NOT_COMPRESSABLE 10 match http url .*.xico
class-map type http loadbalance match-any WWW.SITENAME.COM:80_STATIC_COMPRESSABLE 10 match http url .*.xjs 20 match http url .*.xcss
class-map type http loadbalance match-any WWW.SITENAME.COM:80_DEFAULT 10 match http url .*
[code]....
Questions are: Why do I see things being compressed when there is only being accounted hits in a compression:off class ?Why does enabling compression in one class (never being hit) cause hits in other clases to be compressed ?
we would like to setup FTP server over CSS where our member sever use non-std-port to open both control/data channel (i.e. 6370 as ctrl and 6369 as data this case.) but seems we only get Passive mode FTP mode work only but not for Active mode FTP case for data channel establishement for server back to client..
# sh ver
Version: sg0820501 (08.20.5.01)
Flash (Locked): 08.10.1.06
Flash (Operational): 08.20.5.01
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
[code]....
ASA 5520 running 8.0.4
ASDM v.6.1
Need assistance understanding how in ASDM/Configuration/Site-to-Site VPN/Connection Profiles/ "Any Entry" I can specify that I only want to offer an IKE Proposal of pre-share-aes-256-sha?
The IKE Proposal field has a number of possible options including: pre-share-aes-256-md5, pre-share-3des-md5, pre-share-aes-256-sha, pre-share-aes-192-sha, pre-share-3des-md5, pre-share-aes-sha and pre-share-3des-sha.
I am able to pick a specific IPSec Proposal w/o issue but when I attempt to do the same for the IKE Proposal, and click OK the choice does not "stick" but rather returns to the entire list as defined above.
Anyone know the differnce between these two on a MLS? Seems that proxy arp as I know it works with or without the 'local' version.
View 7 Replies View RelatedI have a Router 2801 with the run conf :
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.63
ip dhcp excluded-address 192.168.1.192 192.168.1.254
!
[code]....
I want to assign a specific IP to a specifig host by MAC .. for example i want the ip 192.168.1.10 to be assign to the host "client1" by mac.I've been creating a new dhcp pool static:
!
ip dhcp pool static
host 192.168.1.10 255.255.255.0
hardware-address xxxx.xxxx.xxxx
client-name client1
!
but the "client1" is still taking other ip.
ACE 4710 TACACS issues ,How to setup user with Admin context access permission. I have enable the TACACS and it can directly put me in Context mode not in Admin Context mode .
View 8 Replies View Related
