Re: [fw-wiz] Cisco ASA 5510 and proxy server detection
- From: Aaron Smith <smitha@xxxxxxxx>
- Date: Thu, 09 Feb 2006 09:01:44 -0700
On Wed, 2006-02-08 at 14:03 -0500, nick leachman wrote:
Aaron, I'm not fluent on the 5510 per se; but if you are
authenticating to an external AAA server such as a RADIUS server you
might be able to set up downloadable ACLs and tie them to the users
who are to be denied Internet access.
Absolutely. Same idea, just applied to a subset of users. Requires a
AAA back-end instead of just a couple of ACLs on the ASA.
The ACLs would permit traffic only to and from your internal network;
so if they tried to head into the wild they'd get denied - period.
wanted for ALL hosts on the inside:From my understanding of the original post, that's the behavior he
On Tue, 2006-02-07 at 06:05 -0800, John Madden wrote:
Hi,
Is there a way to NOT permit users from the inside to
connect to a proxy server on the outside and bypassing
the Web filtering software ?
________________________________________________________________________
@@ron Smith <smitha@xxxxxxxx>
Network Operations
Brigham Young University Idaho
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- References:
- [fw-wiz] Cisco ASA 5510 and proxy server detection
- From: John Madden
- Re: [fw-wiz] Cisco ASA 5510 and proxy server detection
- From: Aaron Smith
- Re: [fw-wiz] Cisco ASA 5510 and proxy server detection
- From: nick leachman
- [fw-wiz] Cisco ASA 5510 and proxy server detection
- Prev by Date: [fw-wiz] PIX to PIX IPSEC VPN IKE Phase 2 problem
- Next by Date: RE: [fw-wiz] question on securing out-of-band management (ver. 2)
- Previous by thread: Re: [fw-wiz] Cisco ASA 5510 and proxy server detection
- Next by thread: [fw-wiz] Cisco FWSM failover secondary power failure - message 405001
- Index(es):
Relevant Pages
|
|
