I am new to Cisco ASA5510 and need to configure it for the following situation:
- Semi-isolated network 10.18.10.0/24
- External access is via high proxy server to ASA to low proxy server. Each proxy has 2 NICs.
- High proxy eth0 is 10.18.10.11 and eth1 is 10.18.20.11.
- High proxy eth0 is connected to 10.18.10.0/24 network.
- High proxy eth1 is connected to eth0/0 of ASA5510.
- Eth0/1 of ASA5510 is connected to eth0 of low proxy server.
- Eth1 of low proxy server is connected to internet connected LAN (10.14.10.0/24).
- Low proxy eth0 is 10.14.20.11 and eth1 is 10.14.10.11.

Each proxy has routing between its two NICs and firewall configured to only allow http, https and NTP traffic.
I have two questions:
- On the 10.18.10.0/24 network, should the default gateway be the high proxy or the ASA5510?
- How should the ASA be configured to only allow proxy traffic on 3128 and NTP?
Answer
I was trying to set the high proxy as gateway and transparent proxy, but that does not work with the ASA and low proxy in its way. I eventually, with the help of a workmate, set the high proxy to firewall all traffic except NTP and squid traffic. Its squid was also configured as a child to the low proxy, which has DNS information and is connected to the net. The low proxy also firewalls traffic. The ASA was configured in transparent mode and provides another level of firewalling, at layer 2. Also, no gateway is required on the LAN.
Attribution
Source : Link , Question Author : vladguan , Answer Author : vladguan
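One way to express the "only proxy traffic on 3128 and NTP" rule on the ASA, as an added example that is not the poster's actual configuration. It assumes the ASA is already in transparent mode, that Ethernet0/0 and Ethernet0/1 are named `inside` and `outside`, that the ACL names are free to choose, and that the high proxy gets NTP from the low proxy; the addresses and port 3128 come from the question.

```cisco
! Added example, not the poster's configuration.
! Assumed: nameif "inside" on Ethernet0/0 (high proxy side) and "outside"
! on Ethernet0/1 (low proxy side); ACL names; NTP served by the low proxy.
! From the question: 10.18.20.11 (high proxy eth1), 10.14.20.11 (low proxy
! eth0), Squid port 3128.
!
! High side -> low side: Squid child-to-parent traffic and NTP only.
access-list HIGH_TO_LOW extended permit tcp host 10.18.20.11 host 10.14.20.11 eq 3128
access-list HIGH_TO_LOW extended permit udp host 10.18.20.11 host 10.14.20.11 eq ntp
! Explicit deny with logging, so anything else the high proxy tries to
! send shows up in syslog instead of vanishing into the implicit deny.
access-list HIGH_TO_LOW extended deny ip any any log
access-group HIGH_TO_LOW in interface inside
!
! Low side -> high side: nothing may be initiated. Replies to the two
! permitted flows are let back through by the ASA's stateful inspection.
access-list LOW_TO_HIGH extended deny ip any any log
access-group LOW_TO_HIGH in interface outside
!
! Check: hit counts should rise only on the two permit lines.
! show access-list HIGH_TO_LOW
! show access-list LOW_TO_HIGH
```

Hits on either `deny ... log` line mean one of the proxies' own firewalls is letting through traffic it should have dropped. On ASA software 8.4 and later, each interface must also belong to a bridge group for transparent mode; that part is omitted here.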