I was wondering if someone could help me out with a issue I have. At present our corporation has all internet traffic routed via our HQ, through a Cisco ASA 5510 arrangement. I need to prevent client machines (subnet / range) going directly out onto the internet, I need them to go via a proxy server. My thought was to put a deny ACL on the outbound internal interface. This would be something like deny ip [ip address] [subnet] interface outside with a permit rule for the proxy address.
Does anyone have any suggestions, or ideas as to how I could do this?
Any help would be much appreciated.
Thanks in advance.