12-16-2007 06:32 AM - edited 03-05-2019 08:01 PM
I have my proxy server in the LAN. The proxy caches all of the HTTP sessions inbound to and outbound from the LAN. In the LAN, users must enter the proxy setting in the browser to be able to surf the internet (HTTP port 80).
My questions:
1) How should the Cisco 2821 router (ISR: all firewall, NAT and IGW) be set up to cater for the proxy server in the LAN? What rules need to be added to the configuration so that users can only go through the proxy server and then through the router?
12-16-2007 08:02 AM
Sounds like you may have a design problem... Is your proxy behind the router? Should that be the "default gateway" for all public IP addresses?
x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-
As long as all users have the proxy in their Internet config, be it IE7 or Mozilla/Firefox, then they will have to use the proxy to surf the net.
12-16-2007 08:16 AM
Yup, the proxy is behind the router. My default gateway is the 2821 router. I just want to configure it so that all users must go through the proxy first before reaching the router.
And users cannot access the internet without configuring the proxy server in their browser.
Please advise.
12-16-2007 08:18 AM
You can create an ACL in the router to block all http traffic with the exception of the proxy server.
! Entries are checked top-down and the first match wins
! [LAN-subnet mask] is entered as a wildcard mask (for example 0.0.0.255 for a /24)
ip access-list extended PROXY
 permit tcp host [proxy-server-ip] any eq 80
 permit tcp host [proxy-server-ip] any eq 443
 deny tcp [LAN-subnet] [LAN-subnet mask] any eq 80
 deny tcp [LAN-subnet] [LAN-subnet mask] any eq 443
 permit ip any any
!
! Interface facing the LAN
interface fx/x
 ip access-group PROXY in
12-16-2007 08:35 AM
Thanks EdisonOrtiz,
but if we block the incoming traffic from the LAN subnet for ports 80 & 443, the sessions that originate from the LAN subnet will be blocked (source IP), am I right?
So, how will the router recognize a session that originated from the LAN subnet through proxy-server-ip?
Can you explain more?
12-16-2007 10:48 AM
> but if we block the incoming traffic from the LAN subnet for ports 80 & 443,
> the sessions that originate from the LAN subnet will be blocked (source IP), am I right?
Yes
> So, how will the router recognize a session that originated from the LAN subnet through proxy-server-ip?
Notice, there is a permit for the proxy server IP address in the ACL.
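The first-match behaviour this answer relies on, as an added example that is not part of the original thread: a small Python evaluator that walks the PROXY ACL top-down for a given packet. The proxy address 192.168.1.10 and the LAN 192.168.1.0 with wildcard 0.0.0.255 are constructed sample values, and the evaluator only understands the entry forms used in this ACL.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread)
PROXY = "192.168.1.10"
LAN = "192.168.1.0 0.0.0.255"   # network + wildcard mask, as IOS ACLs expect

# The PROXY ACL from the thread with the placeholders filled in
ACL = [
    f"permit tcp host {PROXY} any eq 80",
    f"permit tcp host {PROXY} any eq 443",
    f"deny tcp {LAN} any eq 80",
    f"deny tcp {LAN} any eq 443",
    "permit ip any any",
]

def src_matches(tokens, src):
    """Consume the source spec; return (matched, remaining tokens)."""
    if tokens[0] == "any":
        return True, tokens[1:]
    if tokens[0] == "host":
        return src == tokens[1], tokens[2:]
    net, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    care = ~wild & 0xFFFFFFFF            # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(src)) & care) == (net & care), tokens[2:]

def evaluate(acl, proto, src, dport):
    """Return (action, entry number) of the first matching entry, top-down."""
    for n, entry in enumerate(acl, 1):
        action, eproto, *rest = entry.split()
        if eproto not in ("ip", proto):
            continue
        ok, rest = src_matches(rest, src)
        # rest is now: any [eq <port>]  (destination is always 'any' here)
        if ok and (len(rest) == 1 or int(rest[2]) == dport):
            return action, n
    return "deny", None                  # implicit deny that ends every ACL

if __name__ == "__main__":
    for src, port in [(PROXY, 80), ("192.168.1.57", 80), ("192.168.1.57", 8080)]:
        print(src, port, evaluate(ACL, "tcp", src, port))
```

The proxy's own address also falls inside the LAN subnet, so it is allowed out only because its permit entries come before the deny entries; the ACL matches destination ports 80 and 443 only, so client traffic on any other port reaches the final permit.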
12-17-2007 09:37 AM
Thank you, EdisonOrtiz. Right now I can create a rule for my LAN outbound via the web proxy server.