mailing list archives
Re: Cisco ASA 5510 and proxy server detection
From: Aaron Smith <smitha () byui edu>
Date: Thu, 09 Feb 2006 09:01:44 -0700
On Wed, 2006-02-08 at 14:03 -0500, nick leachman wrote:
Aaron, I'm not fluent on the 5510 per se; but if you are
authenticating to an external AAA server such as a RADIUS server you
might be able to set up downloadable ACLs and tie them to the users
who are to be denied Internet access.
Absolutely. Same idea, just applied to a subset of users. Requires a
AAA back-end instead of just a couple of ACLs on the ASA.
The ACLs would permit traffic only to and from your internal network;
so if they tried to head into the wild they'd get denied - period.
From my understanding of the original post, that's the behavior he
wanted for ALL hosts on the inside:
On Tue, 2006-02-07 at 06:05 -0800, John Madden wrote:
Is there a way to NOT permit users from the inside to
connect to a proxy server on the outside and bypassing
the Web filtering software ?
@@ron Smith <smitha () byui edu>
Brigham Young University Idaho
firewall-wizards mailing list
firewall-wizards () honor icsalabs com