08-13-2010 02:34 PM - edited 03-04-2019 09:25 AM
Hello
My Setup is
Internet------------------Internet_RTR-------------------ASA-----------------------Layer3Sw-------------------------------------User_Vlan
|
|
vlan 22
|
Microsoft ISA Proxy
All users who want to browse the Internet go via the proxy server ( only http and 443 are allowed on the proxy )
On Layer3Sw all traffic goes to ASA firewall ( on L3Sw there is ip route 0.0.0.0 0.0.0.0 192.168.1.100 )
All users' browsers are pointing to Proxy_Server_IP
Some applications need different ports ( example : PPTP, and one specific e-learning application needs ports 443, 80, 9910, 8085 )
How do I make these applications work?
Allowing the needed ports on the proxy doesn't help??, as the default route from the L3Sw is the ASA
Users' IPs are not static (DHCP)
The application only works when I open the ports on the ASA for the needed ports and 443 + 80 ( just opening the needed ports without 443 & 80 doesn't work )
Any suggestions?
08-13-2010 02:51 PM
Hi, you can configure PBR on L3 SW to redirect application traffic from hosts to MS Proxy server.
Here is a config example.
interface Vlan x
 ! x is the user VLAN
 ip address x.x.x.x 255.255.255.0
 ! Apply PBR on the user VLAN interface: incoming traffic that matches the route-map is redirected to the proxy server
 ip policy route-map rm-pbr
!
route-map rm-pbr permit 10
 ! Match traffic with the ACL
 match ip address acl-pbr
 ! IP address of the proxy server
 set ip next-hop y.y.y.y
!
! Traffic that you want to redirect to the proxy server (matched on destination port)
ip access-list extended acl-pbr
 permit tcp x.x.x.0 0.0.0.255 any eq 443
 permit tcp x.x.x.0 0.0.0.255 any eq 80
 permit tcp x.x.x.0 0.0.0.255 any eq 9910
You can check if your L3 switch supports PBR from http://tools.cisco.com/ITDIT/CFN/Dispatch?act=featSelect&task=init&featStartsWith=All
PBR config guide on 3550.
http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00802135d3.shtml
KK.
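Added example (not part of the original reply or any Cisco tooling): a small Python model of the forwarding decision that the rm-pbr route-map makes on the user VLAN interface, showing which of the flows from the question are sent to the proxy and which still follow the default route to the ASA. It assumes the ACL matches on destination port; the user subnet 10.10.10.0/24 and proxy address 10.10.22.10 are constructed stand-ins for x.x.x.0 and y.y.y.y, and only 192.168.1.100 comes from the thread.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values; only 192.168.1.100 (default route to the ASA) is from the thread.
USER_NET = ipaddress.ip_network("10.10.10.0/24")  # stands in for x.x.x.0/24
PROXY = "10.10.22.10"                              # stands in for y.y.y.y
ASA = "192.168.1.100"


@dataclass(frozen=True)
class Ace:
    """One 'permit tcp <src-net> any eq <port>' entry of acl-pbr."""
    src: ipaddress.IPv4Network
    dst_port: int

    def matches(self, proto, src_ip, dst_port):
        return (proto == "tcp"
                and ipaddress.ip_address(src_ip) in self.src
                and dst_port == self.dst_port)


ACL_PBR = [Ace(USER_NET, p) for p in (443, 80, 9910)]


def next_hop(proto, src_ip, dst_port, acl=ACL_PBR):
    """route-map rm-pbr permit 10: a packet permitted by the ACL gets the
    'set ip next-hop' address; anything else is routed normally (default route)."""
    if any(ace.matches(proto, src_ip, dst_port) for ace in acl):
        return PROXY
    return ASA


# Constructed flows arriving on the user VLAN interface: (protocol, source IP, destination port)
FLOWS = [
    ("tcp", "10.10.10.25", 443),   # HTTPS from a user
    ("tcp", "10.10.10.25", 9910),  # e-learning port listed in the ACL
    ("tcp", "10.10.10.25", 8085),  # e-learning port not listed in the ACL
    ("tcp", "10.10.10.25", 1723),  # PPTP control channel
    ("gre", "10.10.10.25", 0),     # PPTP data channel (GRE, no ports)
    ("tcp", "10.10.30.7", 443),    # source outside the user subnet
]


def route_all(flows=FLOWS):
    return [(flow, next_hop(*flow)) for flow in flows]


if __name__ == "__main__":
    for flow, hop in route_all():
        print(flow, "->", hop)
```

Port 8085 and both PPTP channels (TCP 1723 and GRE) are not matched by the three ACL entries, so in this model they still go to the ASA and need rules there.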