WSA and Cisco Policy Based Routing

Unanswered Question
Apr 10th, 2008

I'm looking to convert my WSA from explicit to transparent proxy using policy based routing on a Cisco router. See the config below where xxx.xxx.xxx.xxx is the P1 interface on the WSA. Does anyone see any issues with the following in a production environment?

!
access-list 110 permit tcp any any eq www
!
route-map proxy-redirect permit 10
 match ip address 110
 set ip next-hop xxx.xxx.xxx.xxx
!
interface ethernet0/1
 ip policy route-map proxy-redirect
!

The P1 interface on the WSA is located upstream from the router so I'm not checking for it in the ACL.

Jason_ironport Fri, 04/11/2008 - 16:37

That router configuration looks good to me, but just make sure that the WSA was configured for Transparent mode during the initial System Setup Wizard configuration. If it was initially configured for explicit only, then you will need to run the wizard again to change it to transparent.

Also, make sure to add a deny statement to the top of access-list 110 for the WSA IP address if the WSA will be going out to the Internet through the same e0/1 interface. Loops are bad. :twisted:

Cheers,
Jason
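
The loop-avoidance entry suggested in the reply above, applied to the configuration from the question. This is an added example, not part of either post. It assumes the WSA's own outbound HTTP traffic enters the router on ethernet0/1, and xxx.xxx.xxx.xxx remains the thread's placeholder for the WSA P1 address.

```cisco
! Added example. xxx.xxx.xxx.xxx is the thread's placeholder for the WSA P1 address.
! Assumption: the WSA's own outbound HTTP enters the router on ethernet0/1.
!
! ACL entries are evaluated top-down, so the deny must come before the permit.
! Traffic that hits the deny is not policy-routed and follows the normal
! routing table, so the WSA's requests are not redirected back to itself.
access-list 110 deny   tcp host xxx.xxx.xxx.xxx any eq www
access-list 110 permit tcp any any eq www
!
route-map proxy-redirect permit 10
 match ip address 110
 set ip next-hop xxx.xxx.xxx.xxx
!
interface ethernet0/1
 ip policy route-map proxy-redirect
!
! Checks after applying (privileged EXEC):
!   show access-lists 110           - confirm the deny is listed first
!   show route-map proxy-redirect   - policy routing match counters
!   show ip policy                  - route-map is bound to ethernet0/1
```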
