Can Cisco ASA firewalls restrict Internet access to branch offices?
Branch Office networks, Branch offices, Cisco ASA, Cisco ASA 5505, Cisco ASA Hardware Firewall, Firewall appliances, Firewalls, Internet connection, Network security, Network security appliances, Networking, Proxy, Servers
I have a PPP network between our three office locations. In the master location I have a DSL line connected to my Layer 2 (L2) switch via a Cisco ASA 5505 Firewall. My server (ADC/DHCP/Proxy) is connected to the L2 switch. My branch office locations obtain IP through this server. I am using a Squid Windows version for my proxy, and I'm not able to restrict the Internet connection to branch offices using Squid. How can I restrict branch office users from using the Internet connection?
Software/Hardware used:
Software/Hardware used:
ASKED:
February 11, 2009 6:11 PM
UPDATED:
March 1, 2009 11:11 PM
Answer Wiki:
Does your gateway / Firewall allow internet traffic from any IP or only through the PROXY Server ? If its open for all the IP's than users can bypass the proxy server and freely browse the internet. The best way to restrict the users is by restricting them to change any TCP / IP & Browser settings. Since you are using an AD this can easily be achieved through a Group Policy.
======================
I addition to the above you can control which IP's and protocols have connectivity to the internet via the ASA. Maybe set it up so that only you proxy has access to browse the Internet.
<a href="http://www.ketchumits.com">www.ketchumits.com</a>
To see all answers submitted to the Answer Wiki: View Answer History.
RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
