07-23-2008 09:09 PM - edited 03-03-2019 10:52 PM
Hi, I want to configure the proxy interception feature on my network. There are about 10 VLANs on my network and I want to configure policy routing so that the traffic for www is intercepted and forwarded to the proxy server. For that I want to configure policy routing. Is it possible to configure a route-map and apply that route-map to interface VLAN? I have 3750 and 4948 switches.
07-24-2008 12:52 AM
Hello Waseem,
If you can configure multiple VLAN interfaces on them and you can have all of them up/up, they can do multilayer switching.
If so, the answer is yes. Multilayer switches are able to implement PBR in a very efficient way by modifying the action to be done in the TCAM table (the IP next hop, I mean).
Hope to help
Giuseppe
07-24-2008 02:28 AM
hi giulsar
One thing which is confusing me is the placement of the proxy server. Should I configure a Layer 3 port for the inside (LAN interface) and outside (WAN interface) networks for the proxy server? Or should I place the inside (LAN interface) network on one of the VLANs and configure a Layer 3 port for the outside (WAN interface), then configure users on the LAN with their default gateway (the IP address of interface VLAN) and apply the route-map on interface VLAN to intercept the traffic for www?
Thanks
07-24-2008 10:30 AM
Hello,
Well, you need three interfaces:
one towards the customer/client where you do PBR on incoming packets
one outside WAN interface towards the internet
one DMZ / horizontal link where you place the proxy / web cache
Incoming packets from users will be sent to the proxy, and the proxy will go to the internet, opening a TCP session on behalf of the customer.
So you will have two coordinated TCP sessions
user <-----> proxy TCP_A
proxy <-----> real web server TCP_B
Return path will be
outside -> proxy -> || proxy --> user
TCP_B || TCP_A
Hope to help
Giuseppe
07-24-2008 08:08 PM
Hello
Thanks for your help.
07-30-2008 01:16 AM
Yes, Policy Routing works on these switches. You can configure a route-map and apply it to interface VLAN.
But make sure that you have the IPSERVICES image installed on the switch.
Policy Routing doesn't work on the BASE image.
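
The setup discussed in this thread, as an added configuration example that was not posted by any participant: client web traffic arriving on the user VLAN interfaces is policy-routed to a proxy on its own segment, and the proxy segment carries no policy so the proxy's own outbound sessions follow the normal routing table. All VLAN numbers, addresses and names are assumptions, and the proxy is assumed to accept intercepted (transparent) traffic.

```cisco
! Added example. VLAN IDs, subnets and names below are assumed values.
! Clients: VLAN 10 (10.0.10.0/24) and VLAN 20 (10.0.20.0/24)
! Proxy / web cache: 10.0.99.10 on VLAN 99
!
! Catalyst 3750: PBR needs the routing SDM template (applies after a reload)
sdm prefer routing
!
ip routing
!
! Match only HTTP from the client subnets; everything else is routed normally
ip access-list extended WEB-TO-PROXY
 permit tcp 10.0.10.0 0.0.0.255 any eq www
 permit tcp 10.0.20.0 0.0.0.255 any eq www
!
! Matched packets get the proxy as next hop instead of the routing-table result
route-map PROXY-REDIRECT permit 10
 match ip address WEB-TO-PROXY
 set ip next-hop 10.0.99.10
!
! Client-facing SVIs: PBR is applied to packets entering these interfaces
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip policy route-map PROXY-REDIRECT
!
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 ip policy route-map PROXY-REDIRECT
!
! Proxy segment: no "ip policy" here, so the proxy's own requests to real
! web servers (TCP_B in the thread) are not looped back to the proxy
interface Vlan99
 description proxy / web cache segment
 ip address 10.0.99.1 255.255.255.0
```

After applying it, `show ip policy` lists which interfaces have the route-map attached and `show route-map PROXY-REDIRECT` shows the match and set clauses in effect.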