Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
911
Views
5
Helpful
6
Replies

Integration of Proxy Server to the LAN

Go to solution
noxkrugger
Level 1
Level 1

‎12-16-2007 06:32 AM - edited ‎03-05-2019 08:01 PM

I have my proxy server in the LAN. The proxy cache all of the http sessions inbound and outbound of the LAN. In the LAN, user must enter the proxy setting in the browser to be able to surf internet(http port 80).

My questions:-

1) How the setup in the cisco router 2821(ISR-all firewall,nat and IGW)) to cater the proxy server in the LAN? What is the rules to be injected into the configuration so that user will only go through PROXY server and then go through the router?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to noxkrugger

‎12-16-2007 10:48 AM

> but if we block the incoming traffic from LAN-subnet for port 80 & 443,

> the sessions that been originated from LAN-subnet will be blocked (source IP),am i right?

Yes

> So,how the router will recognize that session that originated from LAN-subnet through proxy-server-ip?

Notice, there is a permit for the proxy server IP address in the ACL

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Fraser Reid
Level 1
Level 1

‎12-16-2007 08:02 AM

sounds like you may have a design problem....is your proxy behind the router ? should that be the "default gateway" for all public IP addresses ?

x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-

As long as all users have the proxy in thier Internet Config be it IE7 or mozilla/firefox then they will have to use the proxy to surf the net.

0 Helpful

Go to solution
noxkrugger
Level 1
Level 1
In response to Fraser Reid

‎12-16-2007 08:16 AM

yup..the proxy is behind the router.. my default-gateway is the 2821 router.. i just want to configure for all users must go through proxy first before reach the router.

And user cannot access internet without configuring proxy server in their browser.

Please advise

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎12-16-2007 08:18 AM

You can create an ACL in the router to block all http traffic with the exception of the proxy server.

ip access-list extended PROXY

permit tcp host [proxy-server-ip] any eq 80

permit tcp host [proxy-server-ip] any eq 443

deny tcp [LAN-subnet] [LAN-subnet mask] any eq 80

deny tcp [LAN-subnet] [LAN-subnet mask] any eq 443

permit ip any any

interface fx/x (Interface facing the LAN)

ip access-group PROXY in

Go to solution
noxkrugger
Level 1
Level 1
In response to Edison Ortiz

‎12-16-2007 08:35 AM

thanks EdisonOrtiz,

but if we block the incoming traffic from LAN-subnet for port 80 & 443, the sessions that been originated from LAN-subnet will be blocked (source IP),am i right?

So,how the router will recognize that session that originated from LAN-subnet through proxy-server-ip?

Can you explain more?

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to noxkrugger

‎12-16-2007 10:48 AM

> but if we block the incoming traffic from LAN-subnet for port 80 & 443,

> the sessions that been originated from LAN-subnet will be blocked (source IP),am i right?

Yes

> So,how the router will recognize that session that originated from LAN-subnet through proxy-server-ip?

Notice, there is a permit for the proxy server IP address in the ACL

0 Helpful

Go to solution
noxkrugger
Level 1
Level 1
In response to Edison Ortiz

‎12-17-2007 09:37 AM

thank you EdisonOrtiz..right now I can create rule for my LAN outbound via web proxy server

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card