Configuring support for proxy servers – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Using SSL to Access the Central Site

Configuring Support for Proxy Servers

The ASA can terminate HTTPS connections and forward HTTP and HTTPS requests to proxy servers.
These servers act as intermediaries between users and the Internet. Requiring Internet access via a server
that the organization controls provides another opportunity for filtering to assure secure Internet access
and administrative control.

When configuring support for HTTP and HTTPS proxy services, you can assign preset credentials to
send with each request for basic authentication. You can also specify URLs to exclude from HTTP and
HTTPS requests.

Restrictions

You can specify a proxy autoconfiguration (PAC) file to download from an HTTP proxy server; however,
you may not use proxy authentication when specifying the PAC file.

Step 1
Command: webvpn
Purpose: Switches to webvpn configuration mode.

Step 2
Command: port port_number
Purpose: Changes the SSL listening port for clientless SSL VPN.

Example:

hostname(config)# http server enable
hostname(config)# http 192.168.3.0 255.255.255.0 outside
hostname(config)# webvpn
hostname(config-webvpn)# port 444
hostname(config-webvpn)# enable outside

Enables clientless SSL VPN on port 444 of the outside interface. With this configuration, remote
users initiating clientless SSL VPN sessions enter https://<outside_ip>:444 in the browser.

Step 3
Command: port argument of http server enable
Purpose: (Privileged exec mode) Changes the listening port for ASDM.

Example:

hostname(config)# http server enable 444
hostname(config)# http 192.168.3.0 255.255.255.0 outside
hostname(config)# webvpn
hostname(config-webvpn)# enable outside

Specifies that HTTPS ASDM sessions use port 444 on the outside interface. Clientless SSL VPN is also
enabled on the outside interface and uses the default port (443). With this configuration, remote users
initiate ASDM sessions by entering https://<outside_ip>:444

Step 1
Command: webvpn
Purpose: Switches to webvpn configuration mode.

Step 2
Command: http-proxy and https-proxy
Purpose: Configures the ASA to use an external proxy server to handle HTTP and HTTPS requests.

Note: Proxy NTLM authentication is not supported in http-proxy. Only proxy without authentication
and basic authentication are supported.

Step 3
Command: http-proxy host [port] [exclude url] [username username {password password}]
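An added example, not from the Cisco guide: a Python check that parses proxy lines in the Step 3 syntax from a saved configuration, reports which proxies carry preset credentials, and builds the Basic value those credentials produce. The sample configuration, addresses and account are constructed, and the script assumes https-proxy takes the same arguments as http-proxy.

```python
import base64

# Constructed running-config excerpt (addresses, account and password are made up).
SAMPLE = """\
webvpn
 enable outside
 http-proxy 192.0.2.10 8080 exclude www.example.com username proxysvc password Example-Pass1
 https-proxy 192.0.2.11 8443
"""

KEYWORDS = ("exclude", "username", "password")

def parse_proxy(line):
    """Parse: http-proxy host [port] [exclude url] [username username {password password}]"""
    tok = line.split()
    if len(tok) < 2 or tok[0] not in ("http-proxy", "https-proxy"):
        raise ValueError("not a proxy command: %r" % line)
    cfg = dict.fromkeys(("port",) + KEYWORDS, None)
    cfg.update(cmd=tok[0], host=tok[1])
    i = 2
    if i < len(tok) and tok[i].isdigit():      # optional port follows the host
        cfg["port"] = int(tok[i])
        i += 1
    while i < len(tok):                        # remaining tokens are keyword/value pairs
        if tok[i] not in KEYWORDS or i + 1 >= len(tok):
            raise ValueError("unexpected token %r" % tok[i])
        cfg[tok[i]] = tok[i + 1]
        i += 2
    if cfg["password"] is not None and cfg["username"] is None:
        raise ValueError("password given without username")
    return cfg

def basic_header(cfg):
    """Basic value for preset credentials; base64 is an encoding, not encryption."""
    if cfg["username"] is None:
        return None
    pair = "%s:%s" % (cfg["username"], cfg["password"] or "")
    return "Basic " + base64.b64encode(pair.encode()).decode()

def audit(config_text):
    """Return (command, host, port, has_preset_credentials) for each proxy line."""
    rows = []
    for line in config_text.splitlines():
        if line.split()[:1] in (["http-proxy"], ["https-proxy"]):
            cfg = parse_proxy(line)
            rows.append((cfg["cmd"], cfg["host"], cfg["port"], cfg["username"] is not None))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

The Basic value decodes directly back to username:password, so a dedicated low-privilege proxy account is the safer choice for preset credentials.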
