Firewall Wizards mailing list archives
Re: Cisco ASA 5510 and proxy server detection
From: Aaron Smith <smitha () byui edu>
Date: Thu, 09 Feb 2006 09:01:44 -0700
On Wed, 2006-02-08 at 14:03 -0500, nick leachman wrote:
Aaron, I'm not fluent on the 5510 per se; but if you are authenticating to an external AAA server such as a RADIUS server you might be able to set up downloadable ACLs and tie them to the users who are to be denied Internet access.
Absolutely. Same idea, just applied to a subset of users. Requires a AAA back-end instead of just a couple of ACLs on the ASA.
The ACLs would permit traffic only to and from your internal network; so if they tried to head into the wild they'd get denied - period.
From my understanding of the original post, that's the behavior he
wanted for ALL hosts on the inside: On Tue, 2006-02-07 at 06:05 -0800, John Madden wrote:
Hi, Is there a way to NOT permit users from the inside to connect to a proxy server on the outside and bypassing the Web filtering software ?
________________________________________________________________________ @@ron Smith <smitha () byui edu> Network Operations Brigham Young University Idaho _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Cisco ASA 5510 and proxy server detection John Madden (Feb 07)
- Re: Cisco ASA 5510 and proxy server detection Aaron Smith (Feb 07)
- Re: Cisco ASA 5510 and proxy server detection nick leachman (Feb 08)
- Re: Cisco ASA 5510 and proxy server detection Aaron Smith (Feb 09)
- Re: Cisco ASA 5510 and proxy server detection nick leachman (Feb 08)
- Cisco FWSM failover secondary power failure - message 405001 BT (Feb 19)
- Re: Cisco FWSM failover secondary power failure - message 405001 greg padden (Feb 20)
- Re: Cisco ASA 5510 and proxy server detection Aaron Smith (Feb 07)