0

I need to publish 2 sites through a proxy from the internet to my secure network behind the ASA. In an ISA you would just create a proxy and go on your way. However, I have ASA 5510s and don't see anything similar. One site is an RSA self-service for tokens. The second is a network monitoring site that has access to all my core routers, switches, etc.

Any ideas? It can be Linux or Windows or on the ASA.

ChrisMuench

1 Answer

1

If I understand your question correctly, you have a proxy on the internet (for load balancing perhaps?) that forwards traffic to your web servers, which sit behind a firewall (the ASA).

If this is the case, you need to do two things, one for the routing functions of the ASA and one for the firewall functions:

  1. Make your web servers addressable by the proxy - this could be achieved through Port Address Translation (PAT) where the IP address the proxy sends its traffic to is the ASA's, but each web server uses a different port - the ASA then forwards the traffic to the correct web server based on the port. The alternative to this is to give each web server a public IP address and have the ASA route the traffic.
  2. Allow traffic from the proxy to each web server through the firewall by writing Access Control Lists (ACLs) - the specifics of this depend on which method you use for the routing.

There may be other ways of achieving the same thing.

ASAs are not analogous products to Microsoft ISA. ISA runs on a server, which allows it to be more flexible. Depending on what you want your proxy to do, an ASA may be able to do some of it, but you'd have to give more detail in your question.

dunxd
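The two steps from the answer above, sketched as an ASA configuration. This is an added example, not part of the original answer. It assumes ASA software 8.3 or later (object NAT) and interfaces named `inside` and `outside`; every address, port and object name is constructed.

```cisco
! Added example; all names, addresses and ports are constructed.
! Assumes ASA software 8.3+ (object NAT) and interfaces named inside/outside.
! 198.51.100.10 = the proxy on the internet (documentation address)

! Step 1: PAT. One outside address, one port per internal web server.
object network RSA-SELFSERVICE
 host 10.10.10.11
 nat (inside,outside) static interface service tcp 443 8443
object network NET-MONITOR
 host 10.10.10.12
 nat (inside,outside) static interface service tcp 443 8444

! Step 2: ACL. Permit only the proxy. From 8.3 on the ACL matches the
! real (internal) address and port, not the translated ones.
access-list OUTSIDE_IN extended permit tcp host 198.51.100.10 object RSA-SELFSERVICE eq 443
access-list OUTSIDE_IN extended permit tcp host 198.51.100.10 object NET-MONITOR eq 443
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
```

Because the ACL names only the proxy's address as a source, neither the token self-service site nor the monitoring site is reachable from any other internet host. The path can be checked from the ASA with `packet-tracer input outside tcp 198.51.100.10 40000 <outside-interface-ip> 8443`.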