Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Conditional policy on ASA - is it possible

Is it possible to configure a conditional policy on ASA, for example - I have 3 interfaces Inside, Proxy and Outside. All http/https traffic from the inside users ig going to Proxy (and passed to Outside thereafter). The rule explicitly blocks direct http/https traffic from Inside to Outside. Can I create a rule that enables (or disable deny statement) for http/https traffic in case a Proxy device is not available (let's say IP SLA probe detects it is down)?


Thank you

Everyone's tags (1)
Hall of Fame Super Silver

How are you directing traffic

How are you directing traffic to the proxy? if it's via routing your can make the route track an IP SLA operation.

New Member

The clients are configured

The clients are configured with 'auto detect proxy settings', i.e. internet exporer users. The users cannot go directly because of ACL. I want this ACL disabled once proxy is not reachable.

Hall of Fame Super Silver

I don't believe you can

I don't believe you can directly modify an access-list in response to an ip sla operation. You may be able to use Embedded Event Manager (EEM) to accomplish this however.

Here's a link to the EEM section of the ASA configuration guide (requires ASA 9.2(1) or later).