Hi All I am doing a lab which asks to complete the following:
- Configure ASA1 for HTTP URL filtering for all users on the inside using a WebSense server located at 10.0.0.100. - In the case that the filtering server is down all HTTP requests should be allowed. - Ensure that users accessing websites via external proxies on port 8080 are blocked by this policy. My answer was url-server (outside) vendor websense host 10.0.0.100 filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow proxy-block filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow proxy-block It seems I don't understand the usage of the proxy block command as the solution gave the answer as url-server (outside) vendor websense host 10.0.0.100 filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow filter url 8080 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 proxy-block I was under the impression that using the proxy block option as I did would allow normal HTTP connections for the traffic from any source networks to any destination be checked against the external filtering server but block this same traffic if it is using a proxy. It seems from the solution however that the proxy block option is used by itself to identify a source and destination network and a port (8080 in this case) to apply a blanket deny on all matching traffic. It would seem easier t me to just allow HTTP traffic in an ACL and deny all other traffic (inc 8080) in this case though I understand this is not how the question is wanting it to be done. Considering I can't really test this too easily as I don't have a websense server can anyone confirm, deny or clarify my observations? Thanks Ben
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
