can restrict users from accessing internet through ASA

14 years 10 months ago #33104 by lily
Hi

We have our proxy server and the ASA firewall to restrict users from accessing the internet. But users are accessing the internet even when no proxy is configured on their browser.

I have these configs in the ASA:

object-group network proxies
network-object host 10.102.148.7
network-object host 10.102.148.8
network-object host 10.102.148.9

access-list insideoutbound extended permit ip object-group proxies any

I don't know what is missing for me to restrict internet access.
Could you please advise?

Kind regards,
Eng. Liliane Uwarugira
(250)08467897
luwarugira@bk.rw
14 years 10 months ago #33106 by talk2sp
Replied by talk2sp on topic am always so happy...
Hello Lily, I am always so happy when I see ladies on this site. Stick around, an answer to ur question is on the way. But have u re-checked everything (ur config) @ Server end? I don't see how clients are able to browse without using proxy on a proxy network setup with ASA firewall. Ok Lily, if u really have people testing rogue software that bypasses proxy, u need to disable some port numbers I think...

Let's chill, I hear from another G33k. Re-check ur config while we wait.


C0DE - 3

BORN TO BE GREAT

c0de - 3
..........................................................
Take Responsibility! Don't let failures define you
14 years 10 months ago #33175 by cisco-tips
Make the access list more restrictive by allowing only HTTP and HTTPS traffic from proxies to outside.

access-list insideoutbound extended permit tcp object-group proxies any eq 80

access-list insideoutbound extended permit tcp object-group proxies any eq 443

access-list insideoutbound extended deny ip any any log
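
Added example, not part of any post in this thread: a small Python model of first-match ACL evaluation that runs the original and the suggested `insideoutbound` entries over a few flows. It assumes the ACL is bound inbound on the inside interface; the client address 10.102.148.50 and the sample flows are constructed for illustration, and the parser handles only the syntax shown in the thread.

```python
import ipaddress

# Object group and ACLs copied from the thread.
OBJECT_GROUPS = {"proxies": {"10.102.148.7", "10.102.148.8", "10.102.148.9"}}
ORIGINAL_ACL = """
access-list insideoutbound extended permit ip object-group proxies any
"""
REVISED_ACL = """
access-list insideoutbound extended permit tcp object-group proxies any eq 80
access-list insideoutbound extended permit tcp object-group proxies any eq 443
access-list insideoutbound extended deny ip any any log
"""

def parse_ace(line):
    """Parse the subset of extended-ACE syntax used in the thread."""
    action, proto, *rest = line.split()[3:]   # drop "access-list <name> extended"
    if rest[0] == "object-group":
        sources, rest = OBJECT_GROUPS[rest[1]], rest[2:]
    else:                                     # source is "any"
        sources, rest = None, rest[1:]
    rest = rest[1:]                           # destination is always "any" here
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, sources, port

def evaluate(acl_text, src, proto, dport):
    """First matching ACE wins; no match falls through to the implicit deny."""
    src = str(ipaddress.ip_address(src))      # rejects malformed addresses
    for line in acl_text.strip().splitlines():
        action, ace_proto, sources, port = parse_ace(line)
        if ace_proto not in ("ip", proto):
            continue
        if sources is not None and src not in sources:
            continue
        if port is not None and port != dport:
            continue
        return action
    return "implicit deny"

# Constructed sample flows: (source, protocol, destination port).
FLOWS = [("10.102.148.50", "tcp", 80),   # client going direct, no proxy
         ("10.102.148.7", "tcp", 443),   # proxy fetching HTTPS
         ("10.102.148.7", "tcp", 22),    # proxy host, non-web port
         ("10.102.148.8", "udp", 53)]    # proxy host, DNS query

def compare(flows=FLOWS):
    return [(f, evaluate(ORIGINAL_ACL, *f), evaluate(REVISED_ACL, *f)) for f in flows]

if __name__ == "__main__":
    for flow, before, after in compare():
        print(flow, "| original:", before, "| revised:", after)
```

Both lists deny the direct client flow once applied (the original through the implicit deny at the end of the list), so an ACL that appears to have no effect is worth checking for its interface binding. The revised list also drops the proxies' own DNS queries unless an entry is added for them.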