Proxy servers and ASA5510

I am new to Cisco ASA5510 and need to configure it for the following situation:

  1. Semi-isolated network 10.18.10.0/24
  2. External access is via high proxy server to ASA to low proxy server. Each proxy has 2 NICs.
  3. High proxy Eth0 is 10.18.10.11 and eth1 is 10.18.20.11.
  4. High proxy eth0 is connected to 10.18.10.0/24 network.
  5. High proxy eth1 is connected to eth0/0 of ASA5510.
  6. Eth0/1 of ASA5510 is connected to eth0 of low proxy server.
  7. Eth1 of low proxy server is connected to internet connected LAN (10.14.10.0/24).
  8. Low proxy eth0 is 10.14.20.11 and eth1 is 10.14.10.11.

Each proxy has routing between its two NICs and a firewall configured to only allow HTTP, HTTPS and NTP traffic.
I have two questions:

  1. On the 10.18.10.0/24 network, should the default gateway be the high proxy or the ASA5510?
  2. How should the ASA be configured to only allow proxy traffic on 3128 and NTP?

Answer

I was trying to set the high proxy as gateway and transparent proxy, but that does not work with the ASA and low proxy in its way. I eventually, with the help of a workmate, set the high proxy to firewall all traffic except NTP and squid traffic. Its squid was also configured as a child to the low proxy, which has DNS information and is connected to the net. The low proxy also firewalls traffic. The ASA was configured in transparent mode and provides another level of firewalling, at layer 2. Also, no gateway is required on the LAN.

Attribution
Source: Link, Question Author: vladguan, Answer Author: vladguan
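The parent/child squid arrangement described in the answer, sketched as a `squid.conf` fragment for the high proxy. This is an added example, not the configuration from the original post. It assumes the low proxy's squid listens on 3128 and is still reachable at the 10.14.20.11 address from the question; substitute whatever address it holds on the segment bridged by the transparent ASA. The ACL names are made up for illustration.

```conf
# High proxy squid.conf fragment (added example, not from the original post).

# Listen only on the NIC that faces the semi-isolated LAN (eth0 in the question).
http_port 10.18.10.11:3128

# Clients: the semi-isolated network only.
acl isolated_lan src 10.18.10.0/24

# Destination ports: HTTP and HTTPS, matching the firewall policy in the question.
acl web_ports port 80 443
acl tls_ports port 443
acl connect_method method CONNECT   # hypothetical ACL name

http_access deny !web_ports
http_access deny connect_method !tls_ports
http_access allow isolated_lan
http_access deny all

# Child-to-parent relationship: every request goes to the low proxy.
# Assumption: low proxy reachable at 10.14.20.11:3128 (see lead-in).
# "0" disables ICP and "no-query" stops ICP probes, so the only flow the
# ASA has to permit for web traffic is TCP from this host to the parent on 3128.
cache_peer 10.14.20.11 parent 3128 0 no-query default

# Never fetch from origin servers directly. With this set, squid hands the
# request to the parent unresolved, so this host needs no DNS of its own,
# consistent with the answer's note that the low proxy holds the DNS information.
never_direct allow all

# NTP is not proxied by squid. It is permitted separately by the host
# firewall and by the ASA, as the answer describes.
```

Because clients on 10.18.10.0/24 set 10.18.10.11:3128 as an explicit proxy and are on the same subnet as it, they need no default gateway, which matches the answer's closing remark.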
