Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA + WSA AnyConnect client proxy and mail

I try to use WSA for AnyConnect users.
Now I configure next group-policy:

group-policy ANYCONNECT_PROXY_TEST internal
group-policy ANYCONNECT_PROXY_TEST attributes
 dns-server value 10.0.0.5 10.0.0.6
 vpn-simultaneous-logins 3
 vpn-filter value ANYCONNECT_PROXY_TEST_FILTER
 vpn-tunnel-protocol ikev2
 password-storage enable
 split-tunnel-policy tunnelall
 msie-proxy method use-pac
 msie-proxy pac-url value http://10.0.0.25/wpad.dat
 msie-proxy lockdown enable
 address-pools value POOL_ALL_10_ACCESS
 webvpn
  anyconnect keep-installer installed
  anyconnect ask enable

I do not enable dynamic nat for pool POOL_ALL_10_ACCESS.
Now AnyConnect client can view WEB pages through proxy (IronPort S170).
But I need allow acces to email by smtp, imap pop3.
What best practics for it?
I can enable dynamic nat for pool POOL_ALL_10_ACCESS and filtered all protocols except needed in the ACL ANYCONNECT_PROXY_TEST_FILTER
What I can do it by other way?
Thanks!

------------------------------------------------------ Helping seriously ill children, all together. All information about this, is posted on my blog
189
Views
0
Helpful
0
Replies