Using ASA for firewall and ISA to control internet access

Unanswered Question
Apr 30th, 2007

I was wondering if someone could help me out. My company currently uses an ISA server as the firewall. Management wants a Cisco ASA put in it's place. They want to completely get rid of the ISA server. I suggested keeping the ISA to control internet requests. I told them we could set up the ASA to only allow internet access from the ip address of the ISA server. Any suggestions about this config? I am pretty new when it comes to the ASA as well as Cisco.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sachinraja Mon, 04/30/2007 - 23:54

Hello Mike,

What you say makes real sense.... the ISA can now act as a proxy server, and if you have a proxy in your network, you can have better control of the http traffic... Have a Local area network, with L2 or L3 switch and have the default gateway for the PC's or switch to the ASA box... so, all traffic will flow through the ASA and not through the ISA server...

selectively for http traffic you can enable proxy, so tht it contacts the ISA server. You can implement a lot of additional things on the proxy server, like URL filtering , caching etc which can increase security on internet.... but it all depends on the network admin.. u can always implement all these without having the ISA server, because it increases management , administration, failure points etc....

Hope this helps.. all the best.. rate replies if found useful..


mike.feeney Tue, 05/01/2007 - 12:12

Thanks for the reply Raj. One thing I didn't mention is we have an EVPN cloud for remote sites. So if I change the gateway to the ASA I will have a problem with the EVPN sites. How can I get around that?


This Discussion