Do you have a static public IP on the outside interface of cisco811? Do you have more public IP addresses to assign to the ASA outside interface?
Also, what other kind of access do you have? i.e internet users from inside browsing the internet and also what kind of VPN is this?
Let me know the above and I will tell you how to proceed. I offer a paid service if you want me to connect remotely and fix it for you.

Harris

New
ISP Cisco811CiscoASA5100 (To use VPN Here )
VPN Peer to move to CiscoASA

Please let me know if you are keen.
Thanks
Francis

The stating NAT mapping of 192.168.1.0 to itself is basically used to avoid doing dynamic NAT on the ASA, since the dynamic NAT (for outbound communication) is done on the border router. Basically the internal LAN network passes untranslated from the inside of the ASA to its outside and then the border router does NAT to translate this private network into a public IP in order to get routed on the Internet.

Thanks for clarifying that.

My last comment was about allowing the internal proxy. Basically on the ACL you permit only source IP of proxy to any destination and then deny everything else.

But still trying to get my head around how to setup the firewall when an internal proxy is being used.

.The proxy server resides in inside network.
.All the clients go through it, when accessing web.

If I only allowed web traffic source from proxy server, would it be the correct way of setting up?

What you want to achieve can be done easily with access control lists (ACL). Basically you will need to apply an ACL (inbound direction) on the inside interface of ASA which will allow access to only the IP address of proxy and then deny everything else.

WHAT I WOULD LIKE TO DO IS TO HAVE A INTERNAL PROXY SERVER SO THAT ALL CLIENTS GO THROUGH IT. BUT I DONT KNOW WHAT CONFIG NEED TO BE DONE IN ASA>

secondly for another project I WANT TO USE EXTERNAL PROXY, STILL STUCK WITH CONFIGURATION.

Appreciate if some one could help me.