Options

ASA Redirection

marcusaureliusbrutusmarcusaureliusbrutus Member Posts: 73 ■■□□□□□□□□
in CCNP Security
Hi. We are using an ASA 5500. We have a DMZ where our proxy server is located. I have a route map on our internal router that could only redirect to www traffic to its next hop ip which is the internal interface of the ASA. I have been reading that there is no policy map (route-map) capability of the ASA. Is there a way for me to redirect www traffic going through the internal interface of the ASA to be forwarded to the squid proxy in the DMZ? Also, is there a way to redirect non-www traffic as well?

Thanks.
· Share on FacebookShare on Twitter

Comments

  • Options
    rossonieri#1rossonieri#1 Member Posts: 799 ■■■□□□□□□□
    hi,

    i think you can do that using some short of PBR,
    but i like to know your config on the internal router prior asking this question?
    the More I know, that is more and More I dont know.
    · Share on FacebookShare on Twitter
  • Options
    AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    You could use Dynamic PAT. I would avoid using the IP of the ASA itself, use a separate one if you can but it should still work....but ALL traffic for the ports/protocols you define will fall under this rule. Anyway you specify TCP 80 as the condition for the translation from your ASA Inside interface IP to the DMZ host.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
    · Share on FacebookShare on Twitter
Sign In or Register to comment.