02-25-2009 11:06 AM - edited 02-21-2020 03:19 AM
The customer's proxy server is MS ISA. After http and https proxies are added on ASA, will the end users have to configure their web browser to use proxy? or they don't, the ASA just intercepts the web traffics and redirect them to proxy server?
Thanks
Jon
02-25-2009 03:15 PM
Do you mean Cut-through proxy on ASA? If yes, it's different from web proxy. I don't think ASA has "web proxy server" feature. So, if you need web proxy for users, their web browser should still point to MS ISA.
02-27-2009 11:51 AM
Thanks, Kevin.
So if I deploy a MS ISA in a DMZ, the users' web browser need to point to MS ISA. do I need to configure sth special? this DMZ's security level is between inside interface and outside interface.
How does the cut-through on ASA work? I never used it.
02-27-2009 02:35 PM
First of all, you need to make sure your MS ISA server can access the internet, such as NAT, ACL config.
Second, make sure your internal user can access MS ISA in DMZ. Since internal user has high security level, they should be abel to access DMZ by default unless you have ACL configured to control outgoing traffic.
Cut-through is for authentication purpose.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/fwaaa.html#wp1063502
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide