cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
428
Views
0
Helpful
2
Replies

Redirecting Outbound Web traffic to internal web server

relder
Level 1
Level 1

I want to redirect all inside to outside http requests (except the proxy server) to be sent to a internal web server which will state that the proxy is not setup and to contact IS. We have a PIX 525 firewall which I would like to put the redirection on.

Any suggestions? Thanks!

2 Replies 2

hoogen_82
Level 4
Level 4

I think you are trying to get all your users to talk to the proxy server for http or https access. What you need to do is a simple access lists on your inside interface.

Sample could be like this

access-list inside1_outside extended permit tcp host any eq www

access-list inside1_outside extended permit tcp host any eq https

access-list inside1_outside extended permit udp any any eq domain

access-list inside1_outside extended permit icmp any any

access-list inside1_outside extended permit tcp any any eq domain

Your opening up http and https traffic to be allowed only from your proxy server. For dns you could be more specific with your access-list.

After this all the users will be denied access to the web unless they choose to redirect their traffic to the proxy server.

On the users web browser (IE) go to tools --> Internet Options --> Connections --> Lan setting --> Set up the proxy server configuration.

HTH

Hoogen

Do rate if this helps ;)

David White
Cisco Employee
Cisco Employee

The PIX does not have a way of redirecting the outbound traffic to the server you choose.

As Hoogen indicated, you can write ACLs to block the traffic, but there isn't a way to redirect the users to a web server where they can read the corporate policy of using the proxy-server.

David.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: