Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5545-X

 

   Hi All,

   I am planing to implement asa 5545X firewall in place of juniper firewall. We have having cloud proxy now, but we have much problem with cloud proxy for some applications and trusted sites. Now i want to know

  1. can i build my network in such a way, some sites ASA can do proxy(content not required for this) and rest i can push to cloud?
  2. I am going to use 2 ASA's as active and standby, So can i use the standby ASA for proxy filter. So that ASA load will be less.

    Thanks in advance.

 Regards,

 Satya.M

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

> we are have a plan to get

we are have a plan to get SF-ASA-CX-9.1-K8, which is software based. Now i want to know can we do Proxy on this.

No, the ASA-CX is not a proxy. A Cisco Web Security Appliance (WSA) for example is a proxy. The CX is a transparent gateway where then data gets inspected and allowed/denied while the data flows through.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
5 REPLIES
VIP Purple

1) First of all, you have to

1) First of all, you have to define what you want from that proxy. The ASA is an application inspection gateway that sits transparently in the traffic-flow. That's much different then what a traditional proxy does. Of course you can provide extra security with L7-inspection. For that you need a software module which can be the ASA CX or the FirePower (SourceFire).

2) No, the standby ASA is *only* a backup for the primary ASA in case of a failure. There is no loadsharing in active/standby.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

  Tnx Karsten, we are have a

 

 Tnx Karsten, we are have a plan to get SF-ASA-CX-9.1-K8, which is software based. Now i want to know can we do Proxy on this.Any document on proxy config will be helpful.

 

Thanks,

Satya.M

VIP Purple

> we are have a plan to get

we are have a plan to get SF-ASA-CX-9.1-K8, which is software based. Now i want to know can we do Proxy on this.

No, the ASA-CX is not a proxy. A Cisco Web Security Appliance (WSA) for example is a proxy. The CX is a transparent gateway where then data gets inspected and allowed/denied while the data flows through.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni

Hi, I am not sure, how better

Hi,

 

I am not sure, how better you can do proxy using cisco asa... but for your question 2: you cannot make use of the standby one to do anything... that can take traffic only when it becomes traffic... it takes only management and sync traffic when it is in standby mode.

 

Regards

Karthik

New Member

   Thnaks Karthik, wish Cisco

 

  Thnaks Karthik, wish Cisco does such things in future :)

  Regards,

  Satya.M

 

 

135
Views
0
Helpful
5
Replies
CreatePlease login to create content