Correct way to use a Proxy Server behind ASA

Unanswered Question
Feb 25th, 2008

Hi All,

I am planning to put up a proxy server on our internal network and would like to see if this is the best way to configure my ASA (7.2(2)):

(1) Proxy located on internal network

(2) All client browser will be set (Internet Explorer) to use the proxy server via the connection setting

(3) On my ASA, allow Proxy server outbound port 80 and port 443, deny all else.

Is there a better way?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mark.j.hodge Thu, 02/28/2008 - 01:50

I would tend to allow all outbound connectivity from the Proxy Server on the ASA.

I would then restrict user access at the Proxy Server.

This way, if you need to allow another service, e.g. streaming media, changes only need to be made in one place.

onlyabhishek007 Fri, 03/07/2008 - 01:06

if u want to create the proxy server in inside then u must create a nat of the specific proxy

ip with the public ip. also create the access-list for 80 443 and apply it on internal.


This Discussion