Forcing traffic through proxy using Route-maps

BADfish10 · April 2009

Hi Guys a Quick Question any pointers would be very well recived.

i have a 3560 to play with and i am trying to push traffic from 2 vlans (User) and (Guest) through a inline proxy connected in a loop only when they are accessing content outside of the Local network.

so if user access's a local server then not sent through proxy however if they access the internet the proxy is used.

Now i have been thinking Policy based routing with route-map's but am wondering what set command to ues some pointers would be helpful!

the proxy can has 2 interfaces inside and outside currently both sit in a single vlan but this can be changed.

Cheers

Guys

ColbyG · April 2009

Here is the relevant config from my 1811:

!
track 123 rtr 10 reachability
!
!
interface Vlan15
 description WIRELESS
 ip address 192.168.15.1 255.255.255.0
 ip nat inside
 ip policy route-map PROXY_REDIRECT
!
!
ip access-list extended PROXY_REDIRECT
 deny   tcp any any neq www
 deny   tcp host 192.168.10.51 any
 permit tcp host 192.168.15.26 any time-range WORK_DAY
 deny   ip any any
!
!
ip sla 10
 icmp-echo 192.168.10.51
ip sla schedule 10 life forever start-time now
!
!
!
route-map PROXY_REDIRECT permit 10
 match ip address PROXY_REDIRECT
 set ip next-hop verify-availability 192.168.10.51 10 track 123
!
!
time-range WORK_DAY
 periodic weekdays 8:00 to 17:3
!
!

You probably just want to use the ACL and route-map, but mine also tracks the reachability of the proxy and if it's down traffic bypasses it and goes straight out.

BADfish10 · April 2009

"You Good Sir" are a star

Nice to know i was not miles off and with time may of got there
i like the Track object and that was going to be my next Question

You have saved me alot of guessing.

Can anyone recomend some litrature on Route-Map's i have Safari so any Cisco Press is Cool

Thanks

James

Forcing traffic through proxy using Route-maps

Comments