Firewall Wizards mailing list archives

Re: Cisco ASA 5510 and proxy server detection
From: Aaron Smith <smitha () byui edu>
Date: Thu, 09 Feb 2006 09:01:44 -0700

On Wed, 2006-02-08 at 14:03 -0500, nick leachman wrote:
> Aaron, I'm not fluent on the 5510 per se; but if you are
> authenticating to an external AAA server such as a RADIUS server you
> might be able to set up downloadable ACLs and tie them to the users
> who are to be denied Internet access.

Absolutely.  Same idea, just applied to a subset of users.  Requires a
AAA back-end instead of just a couple of ACLs on the ASA.

> The ACLs would permit traffic only to and from your internal network;
> so if they tried to head into the wild they'd get denied - period.

From my understanding of the original post, that's the behavior he
wanted for ALL hosts on the inside:

On Tue, 2006-02-07 at 06:05 -0800, John Madden wrote:

> Is there a way to NOT permit users from the inside to
> connect to a proxy server on the outside and bypassing
> the Web filtering software ?


@@ron Smith <smitha () byui edu>
Network Operations
Brigham Young University Idaho

firewall-wizards mailing list
firewall-wizards () honor icsalabs com
