Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Using ASA for firewall and ISA to control internet access

I was wondering if someone could help me out. My company currently uses an ISA server as the firewall. Management wants a Cisco ASA put in it's place. They want to completely get rid of the ISA server. I suggested keeping the ISA to control internet requests. I told them we could set up the ASA to only allow internet access from the ip address of the ISA server. Any suggestions about this config? I am pretty new when it comes to the ASA as well as Cisco.


Re: Using ASA for firewall and ISA to control internet access

Hello Mike,

What you say makes real sense.... the ISA can now act as a proxy server, and if you have a proxy in your network, you can have better control of the http traffic... Have a Local area network, with L2 or L3 switch and have the default gateway for the PC's or switch to the ASA box... so, all traffic will flow through the ASA and not through the ISA server...

selectively for http traffic you can enable proxy, so tht it contacts the ISA server. You can implement a lot of additional things on the proxy server, like URL filtering , caching etc which can increase security on internet.... but it all depends on the network admin.. u can always implement all these without having the ISA server, because it increases management , administration, failure points etc....

Hope this helps.. all the best.. rate replies if found useful..


New Member

Re: Using ASA for firewall and ISA to control internet access

Thanks for the reply Raj. One thing I didn't mention is we have an EVPN cloud for remote sites. So if I change the gateway to the ASA I will have a problem with the EVPN sites. How can I get around that?

CreatePlease to create content