Redirecting Outbound Web traffic to internal web server

hoogen_82 Tue, 03/27/2007 - 23:23

I think you are trying to get all your users to talk to the proxy server for HTTP or HTTPS access. What you need to do is a simple access list on your inside interface.


A sample could be like this:


access-list inside1_outside extended permit tcp host <proxy-server-ip> any eq www
access-list inside1_outside extended permit tcp host <proxy-server-ip> any eq https
access-list inside1_outside extended permit udp any any eq domain
access-list inside1_outside extended permit icmp any any
access-list inside1_outside extended permit tcp any any eq domain

You're opening up HTTP and HTTPS traffic to be allowed only from your proxy server. For DNS you could be more specific with your access list.


After this, all the users will be denied access to the web unless they choose to redirect their traffic to the proxy server.

On the user's web browser (IE), go to Tools --> Internet Options --> Connections --> LAN settings --> set up the proxy server configuration.


HTH

Hoogen


Do rate if this helps ;)
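
The following Python example is added here and is not part of the post above or Cisco code: it evaluates the sample ACL with first-match, implicit-deny semantics to show which flows it lets through when applied inbound on the inside interface. The proxy address 192.0.2.10 and the sample hosts are constructed values, and the parser handles only the syntax forms that appear in the sample.

```python
# Added example: first-match evaluation of the ACL shape from the post.
# 192.0.2.10 is a constructed stand-in for the proxy; the post gives no address.
PROXY = "192.0.2.10"
ACL = f"""\
access-list inside1_outside extended permit tcp host {PROXY} any eq www
access-list inside1_outside extended permit tcp host {PROXY} any eq https
access-list inside1_outside extended permit udp any any eq domain
access-list inside1_outside extended permit icmp any any
access-list inside1_outside extended permit tcp any any eq domain
"""
PORTS = {"www": 80, "https": 443, "domain": 53}

def take_addr(tokens):
    """Consume 'any' or 'host <ip>'; None stands for any address."""
    word = tokens.pop(0)
    if word not in ("any", "host"):
        raise ValueError(f"unsupported address form: {word}")
    return tokens.pop(0) if word == "host" else None

def parse(text):
    """Parse the small subset of extended-ACL syntax used above."""
    rules = []
    for line in filter(None, map(str.split, text.splitlines())):
        action, proto, rest = line[3], line[4], line[5:]
        src, dst = take_addr(rest), take_addr(rest)
        port = None
        if rest:  # only the 'eq <port>' operator is handled
            op, name = rest
            if op != "eq":
                raise ValueError(f"unsupported operator: {op}")
            port = PORTS[name] if name in PORTS else int(name)
        rules.append((action, proto, src, dst, port))
    return rules

def decide(rules, proto, src, dst, port=None):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto == proto and r_src in (None, src)
                and r_dst in (None, dst) and r_port in (None, port)):
            return action
    return "deny"

RULES = parse(ACL)
USER, WEB = "192.0.2.55", "198.51.100.7"  # constructed sample hosts
if __name__ == "__main__":
    for flow in [("tcp", PROXY, WEB, 80), ("tcp", USER, WEB, 80),
                 ("tcp", USER, WEB, 443), ("udp", USER, WEB, 53),
                 ("tcp", USER, WEB, 53), ("icmp", USER, WEB)]:
        print(flow, "->", decide(RULES, *flow))
```

Direct HTTP and HTTPS from the user host fall to the implicit deny, while the DNS entries match any source and destination, which is the part the post notes could be made more specific.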

David White Wed, 03/28/2007 - 15:47
User Badges:
  • Cisco Employee

The PIX does not have a way of redirecting the outbound traffic to the server you choose.


As Hoogen indicated, you can write ACLs to block the traffic, but there isn't a way to redirect the users to a web server where they can read the corporate policy of using the proxy-server.


David.
