cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
400
Views
0
Helpful
5
Replies

NAT on same interface

mvengelen
Level 1
Level 1

My ( IPSEC client-VPN) ASA is connected to the DMZ of an ISA cluster. The users get an IE proxy setting via domain login which refers to the local lan interface (NLB) of the ISA's. The DMZ interface is also listening for proxy requests. I want to NAT the local LAN proxy to the DMZ proxy ( preferable PAT). A siple static (port) nat doesnt'work. Any ideas ?

Any ideas how to ?

5 Replies 5

claforest
Level 1
Level 1

I would use a proxy.pac file to determine where the client is and set the PROXY where you want it to go.

http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html

Something like:

--- START PROXY.PAC ----

function FindProxyForURL(url, host)

{

var proxy_yes = "PROXY proxy.company.com:8080";

ver proxy_dmz = "PROXY dmzproxy.company.com:8080";

var proxy_no = "DIRECT";

if (isPlainHostName(host)) { return proxy_no; }

if (dnsDomainIs(host, ".company.com")) { return proxy_no; }

if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0")) { return proxy_dmz; } //VPN NETWORK

return proxy_yes;

}

--- END PROXY.PAC ----

Good idea but as i'm no in control of the desktop of this large organisation I would rather have a "transparent" solution.

You can use the proxy settings of the VPN gateway, you can do that under the EzVPN policy configuration, somewhere depending of what device you are using

I already set the proxy via the ms client settings that you can push via the ASA, but the issue here is that the domain login overrules tis setting because this is processed after the VPN connection is set.

I see, the only thing I could say now is for you to try something with "slow link detection" policy then it will see the host is not local and not apply the policy, it's primiry intended for roaming profile but I think it could work for proxy. See

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/91599.mspx?mfr=true

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: