I have been told on my web filtering symantec cloud support, that they can't allow to access http://ip-address:89. Symantec advise/told me to bypass this address in the proxy.
How do I do that with cisco asa 5515x if proxy is on the cloud and I never had experience also bypassing on a proxy locally? Symantec proxy address is proxy2.us.webscanningservice.com and port is 3128. Is it possible to just bypass that particular ip address above or the whole workstation, if the whole workstation then it's not good, for there will be no filtering on that workstation going to happened.
My configuration right now is that I have internal interface (called vlan192) and all other vlans connect to it, and it can get internet.
Before I was using websense, but websense cease to function most of the time, I wasted paying them almost 5k last year. Websense have the most stupid license limitation ever... And I don't know if it can filter the above url problem or not, since I said websense all the time cease to function if license exceeded. My license is 100 ip, yup their license is on the ips, not on the user, so even if my user is only 20, imagine they have all smart phone or blackberry, that will count double, plus 20 server or guess in the company. But still 100 license should still work with websense and just cease to function on the exceeding ip and not for all.
If i understand correct then you are using cloud proxya and sending all internet traffic to Symantec for internet access and you need to bypass this URL in ASA.
I worked on similar issue with differnet proxy vendor.
I believe you have an ACL on ASA which allow web traffic outside only destination to Symantec proxy server. If yes then first thing you need to add another ACL on top of this ACL to allow internal network traffic to destination ip-address on port 89.
Also make sure you have routing in place for this outside IP from internal NW to outside.And on client machine add this IP in bypass proxy list. Hope this helps. please let me know if i misunderstood the quetsion and Scenario.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :