Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
695
Views
0
Helpful
5
Replies

Route map issue

Go to solution
mrsystemengineer
Level 1
Level 1

‎08-12-2010 12:54 PM - edited ‎03-04-2019 09:24 AM

As per attached diagram,

      I have two isp and two core switch with 10 vlans and two core switch interconnected with cascading.  One vlan i put Bluecoat and we are using proxy.

I need to block all internet traffic without proxy.  I mean any internet traffic should forward to bluecoat. For this i used route map.

interface BVI1
ip address 192.168.1.3 255.255.255.0 secondary
ip access-group 110 in
ip nat inside
ip policy route-map LOCAL_ACCESS
speed auto
full-duplex

ip access-list extended NO_PROXY
permit tcp any any eq www
permit tcp any any eq 443

route-map LOCAL_ACCESS permit 10
match ip address NO_PROXY
set ip next-hop 192.168.2.8

but its not working.

  Can anyone help in the scenerio.

Labels:
Preview file
18 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mohamed Sobair
Level 7
Level 7

‎08-12-2010 01:16 PM

Hi,

Do you have IRB between Vlans here? if so, make sure the BVI is the gateway for those vlans. and make sure (bluecoat) has its default GW set to 192.168.2.x subnet SVI interface.

There are two ways to redirect traffic to the proxy, either by PBR or WCCP.

perhaps if you elaborate more , So we can provide better response.

HTH

Mohamed

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Mohamed Sobair
Level 7
Level 7

‎08-12-2010 01:16 PM

Hi,

Do you have IRB between Vlans here? if so, make sure the BVI is the gateway for those vlans. and make sure (bluecoat) has its default GW set to 192.168.2.x subnet SVI interface.

There are two ways to redirect traffic to the proxy, either by PBR or WCCP.

perhaps if you elaborate more , So we can provide better response.

HTH

Mohamed

0 Helpful

Go to solution
mrsystemengineer
Level 1
Level 1
In response to Mohamed Sobair

‎08-12-2010 07:14 PM

yes mohammed,  i was tested with wccp but we are not using wccp. can you explain me about PBR.

regards

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎08-12-2010 03:28 PM

You show one IP address on the interface, which is a secondary address and which does not match any of the VLANs mentioned in your drawing. Perhaps you can clarify what is going on here about addressing. And perhaps clarifying would help us understand some other things as well that might be part of the problem.

I do not see any particular issues with the route map, assuming that BVI1 is the layer 3 interface where traffic from the clients comes in. It might help to know what is in access list 110 as this could easily be part of the issue. And since your BVI interface is configured as ip nat inside, there is also the possibility that your issue could be an address translation issue.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
amar_5664
Level 1
Level 1

‎08-12-2010 06:05 PM

192.168.2.8 seems to be your Bluecoat Proxy device. Is your Bluecoat device able to ping Internet? If you are trying to access internet from your internal LAN could you confirm if you have configure proxy details on your devices or perhaps using 'proxy.pac' file.

0 Helpful

Go to solution
mrsystemengineer
Level 1
Level 1
In response to amar_5664

‎08-12-2010 07:28 PM

yes i was done completely one i want to know that how i can reroute traffic on bluecoat. I have to used pbr on router side or core switch and i need one example of pbr.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card