I was wondering if someone could help me out with an issue I have. At present our corporation has all internet traffic routed via our HQ, through a Cisco ASA 5510 arrangement. I need to prevent client machines (subnet / range) going directly out onto the internet; I need them to go via a proxy server. My thought was to put a deny ACL on the outbound internal interface. This would be something like deny ip [ip address] [subnet] interface outside with a permit rule for the proxy address.
Does anyone have any suggestions, or ideas as to how I could do this?
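
A sketch of the permit-proxy-then-deny-clients ACL described in the question, as an added example that is not part of the original post. The interface name `inside`, the ACL name `INSIDE_IN`, the proxy address 10.10.20.5 and the client subnet 10.10.20.0/24 are constructed placeholders, and applying the ACL inbound on the inside interface is an assumption about the topology.

```cisco
! Constructed placeholder values:
!   proxy server   10.10.20.5
!   client subnet  10.10.20.0 255.255.255.0
!   interface name inside (set with nameif)

! ASA ACLs are evaluated top-down and the first match wins, so the
! proxy permit must come before the broader deny for its subnet.
access-list INSIDE_IN remark Proxy server may reach the internet directly
access-list INSIDE_IN extended permit ip host 10.10.20.5 any

! Every other host in the client subnet is blocked from going out
! directly. "log" records each denied flow so that clients still
! configured for direct access can be found and fixed.
access-list INSIDE_IN remark Clients must use the proxy
access-list INSIDE_IN extended deny ip 10.10.20.0 255.255.255.0 any log

! Once an ACL is bound to an interface, anything it does not match is
! dropped by the implicit deny at the end. This line keeps traffic from
! other internal sources flowing (assumption: that traffic should stay
! unrestricted; tighten it if that is not the case).
access-list INSIDE_IN remark Other internal sources unchanged
access-list INSIDE_IN extended permit ip any any

! Bind the ACL to traffic entering the ASA on the inside interface.
access-group INSIDE_IN in interface inside

! Check the result: hit counts per entry, then a simulated client flow
! (198.51.100.1 is a documentation address used as a sample destination).
!   show access-list INSIDE_IN
!   packet-tracer input inside tcp 10.10.20.50 12345 198.51.100.1 80
```

If the proxy sits in the same subnet as the clients, client-to-proxy traffic never crosses the ASA and needs no entry here; if it sits behind another interface, a permit from the client subnet to the proxy's listening port has to go above the deny.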