Re: Cisco ASA 5510 and proxy server detection

[Aaron Smith <smitha () byui edu>]

On Wed, 2006-02-08 at 14:03 -0500, nick leachman wrote:
> Aaron, I'm not fluent on the 5510 per se; but if you are
> authenticating to an external AAA server such as a RADIUS server you
> might be able to set up downloadable ACLs and tie them to the users
> who are to be denied Internet access.

Absolutely.  Same idea, just applied to a subset of users.  Requires a
AAA back-end instead of just a couple of ACLs on the ASA.

> The ACLs would permit traffic only to and from your internal network;
> so if they tried to head into the wild they'd get denied - period.

> From my understanding of the original post, that's the behavior he
wanted for ALL hosts on the inside:

On Tue, 2006-02-07 at 06:05 -0800, John Madden wrote:
> Hi,
>
> Is there a way to NOT permit users from the inside to
> connect to a proxy server on the outside and bypassing
> the Web filtering software ?



________________________________________________________________________

@@ron Smith <smitha () byui edu>
Network Operations
Brigham Young University Idaho



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards