TOPIC: can restrict users from accessing internet through ASA

can restrict users from accessing internet through ASA 6 years 9 months ago #33104

  • lily
Hi

We have our proxy server and the ASA firewall to restrict users from accessing the internet. But users are accessing the internet even when no proxy is configured on their browser.

I have these configs on the ASA:

object-group network proxies
network-object host 10.102.148.7
network-object host 10.102.148.8
network-object host 10.102.148.9

access-list insideoutbound extended permit ip object-group proxies any

I don't know what is missing for me to restrict internet access.
Could you please advise?
Kind regards,
Eng. Liliane Uwarugira
(250)08467897

am always so happy... 6 years 9 months ago #33106

  • talk2sp
Hello Lily, I am always so happy when I see ladies on this site. Stick around, an answer to your question is on the way. But have you re-checked everything (your config) at the server end? I don't see how clients are able to browse without using the proxy on a proxy network setup with an ASA firewall. OK Lily, if you really have people testing rogue software that bypasses the proxy, you need to disable some port numbers, I think...

Let's chill, I hear from another G33k. Re-check your config while we wait.


C0DE - 3
I AM MADE TO SHINE... BORN TO BE GREAT


C0dE - 3
Take Responsibility! Don't let failures define you

Re: can restrict users from accessing internet through ASA 6 years 9 months ago #33175

Make the access list more restrictive by allowing only HTTP and HTTPS traffic from the proxies to the outside.

access-list insideoutbound extended permit tcp object-group proxies any eq 80

access-list insideoutbound extended permit tcp object-group proxies any eq 443

access-list insideoutbound extended deny ip any any log
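As an added example (not part of any post above, and not Cisco code), this Python sketch applies first-match evaluation to the object-group and access-list lines quoted in the thread. It assumes the ACL is bound inbound on the inside interface, parses only the syntax that appears in the thread, and uses constructed test flows; 10.102.148.50 is a hypothetical client address.

```python
import ipaddress

# ASA lines quoted from the thread (object-group plus the suggested ACL).
CONFIG = """\
object-group network proxies
network-object host 10.102.148.7
network-object host 10.102.148.8
network-object host 10.102.148.9
access-list insideoutbound extended permit tcp object-group proxies any eq 80
access-list insideoutbound extended permit tcp object-group proxies any eq 443
access-list insideoutbound extended deny ip any any log
"""

def parse(config):
    """Return the ACL rules for the small syntax subset used in the thread."""
    groups, rules, current = {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["object-group", "network"]:
            current = groups.setdefault(tok[2], set())
        elif tok[:2] == ["network-object", "host"]:
            current.add(ipaddress.ip_address(tok[2]))
        elif tok[:1] == ["access-list"]:
            action, proto, rest = tok[3], tok[4], tok[5:]
            if rest[0] == "object-group":
                src, rest = groups[rest[1]], rest[2:]
            else:  # source is "any"
                src, rest = None, rest[1:]
            # rest[0] is the destination, which is always "any" here
            port = int(rest[2]) if rest[1:2] == ["eq"] else None
            rules.append((action, proto, src, port, line))
    return rules

def evaluate(rules, proto, src_ip, dst_port):
    """First matching rule wins; no match falls through to the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    for action, r_proto, r_src, r_port, line in rules:
        if (r_proto in ("ip", proto) and (r_src is None or src in r_src)
                and (r_port is None or r_port == dst_port)):
            return action, line
    return "deny", "implicit deny"

RULES = parse(CONFIG)
# Constructed test flows: (protocol, source address, destination port).
FLOWS = [("tcp", "10.102.148.50", 80), ("tcp", "10.102.148.7", 443),
         ("tcp", "10.102.148.7", 25), ("udp", "10.102.148.8", 53)]
if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", evaluate(RULES, *flow)[0])
```

The last flow shows that outbound DNS from the proxies is denied as well, so with this ACL the proxies need an internal resolver or an additional permit line.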