Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
387
Views
3
Helpful
3
Replies

proxy config on ASA

xiaoliangyue
Level 1
Level 1

‎02-25-2009 11:06 AM - edited ‎02-21-2020 03:19 AM

The customer's proxy server is MS ISA. After http and https proxies are added on ASA, will the end users have to configure their web browser to use proxy? or they don't, the ASA just intercepts the web traffics and redirect them to proxy server?

Thanks

Jon

0 Helpful
3 Replies 3

Yudong Wu
Level 7
Level 7

‎02-25-2009 03:15 PM

Do you mean Cut-through proxy on ASA? If yes, it's different from web proxy. I don't think ASA has "web proxy server" feature. So, if you need web proxy for users, their web browser should still point to MS ISA.

xiaoliangyue
Level 1
Level 1
In response to Yudong Wu

‎02-27-2009 11:51 AM

Thanks, Kevin.

So if I deploy a MS ISA in a DMZ, the users' web browser need to point to MS ISA. do I need to configure sth special? this DMZ's security level is between inside interface and outside interface.

How does the cut-through on ASA work? I never used it.

0 Helpful

Yudong Wu
Level 7
Level 7
In response to xiaoliangyue

‎02-27-2009 02:35 PM

First of all, you need to make sure your MS ISA server can access the internet, such as NAT, ACL config.

Second, make sure your internal user can access MS ISA in DMZ. Since internal user has high security level, they should be abel to access DMZ by default unless you have ACL configured to control outgoing traffic.

Cut-through is for authentication purpose.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/fwaaa.html#wp1063502

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card