Unanswered Question
Aug 13th, 2010


My setup is (diagram lost in extraction; surviving labels: vlan 22, Microsoft ISA Proxy):

All users who want to browse the Internet go via the proxy server (http and 443 are only allowed on the proxy).

On the Layer 3 SW all traffic goes to the ASA firewall (there is an ip route on the L3 SW).

All users' browsers are pointing to Proxy_Server_IP.

Some applications need different ports (example: PPTP, and one specific e-learning application needs ports 443, 80, 9910, 8085).

How do I make these applications work?

Allowing the needed ports on the proxy doesn't help, as the default route from the L3 SW is the ASA.

Users' IPs are not static (DHCP).

The application only works when I open the needed ports plus 443 and 80 on the ASA (just opening the needed ports without 443 & 80 doesn't work).

Any suggestion?

kyukim Fri, 08/13/2010 - 14:51

Hi, you can configure PBR on the L3 SW to redirect application traffic from hosts to the MS Proxy server.

Here is a config example.

int vlan x --> x is the user vlan

  ip address x.x.x.x <mask>

  ip policy route-map rm-pbr ---> Apply PBR on the user vlan interface. So, incoming traffic matching the route-map will be redirected to the proxy server

route-map rm-pbr permit 10

  match ip address acl-pbr --> matching traffic with the ACL

  set ip next-hop y.y.y.y --> ip address of the Proxy Server

ip access-list extended acl-pbr --> traffic that you want to redirect to the proxy server (source subnet with wildcard mask, destination port with eq)

  permit tcp x.x.x.0 0.0.0.255 any eq 443

  permit tcp x.x.x.0 0.0.0.255 any eq 80

  permit tcp x.x.x.0 0.0.0.255 any eq 9910

You can check if your L3 switch supports PBR from http://tools.cisco.com/ITDIT/CFN/Dispatch?act=featSelect&task=init&featStartsWith=All

PBR config guide on 3550.
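A fuller version of the PBR approach from the answer above, written as an added example (it is not the answer's own config). It assumes constructed values: user VLAN 22 = 10.22.0.0/24, proxy at 10.1.1.10, internal address space 10.0.0.0/8; it also covers all four ports from the question and excludes internal destinations so intranet traffic is not redirected.

```cisco
! Added example, not from the original answer. Constructed values:
!   user VLAN 22 = 10.22.0.0/24, ISA proxy = 10.1.1.10,
!   internal address space = 10.0.0.0/8. Replace with your own.
!
! 1. Traffic to redirect: only Internet-bound flows on the ports the
!    browsers and the e-learning app use. Matching on the whole user
!    subnet (not per host) is what makes this work with DHCP clients.
!    Internal destinations are denied first so PBR never hijacks
!    intranet web/app traffic.
ip access-list extended acl-pbr
 remark keep internal traffic on the normal routing table
 deny   ip 10.22.0.0 0.0.0.255 10.0.0.0 0.255.255.255
 remark redirect Internet-bound app ports to the proxy
 permit tcp 10.22.0.0 0.0.0.255 any eq 80
 permit tcp 10.22.0.0 0.0.0.255 any eq 443
 permit tcp 10.22.0.0 0.0.0.255 any eq 9910
 permit tcp 10.22.0.0 0.0.0.255 any eq 8085
 remark implicit deny: everything else follows the default route (ASA)
!
! 2. Route-map: matching packets get the proxy as next hop.
!    The proxy must be prepared to forward traffic it receives this
!    way (it arrives as routed packets, not browser proxy requests).
route-map rm-pbr permit 10
 match ip address acl-pbr
 set ip next-hop 10.1.1.10
!
! 3. Apply PBR to inbound traffic on the user SVI. PBR acts on packets
!    entering this interface, so it belongs on the user VLAN, not on
!    the uplink toward the ASA.
interface Vlan22
 ip address 10.22.0.1 255.255.255.0
 ip policy route-map rm-pbr
!
! Verification (exec mode):
!   show route-map rm-pbr   -> "Policy routing matches" counter rises
!   show ip policy          -> confirms rm-pbr is bound to Vlan22
!   debug ip policy         -> per-packet match/redirect (lab use only)
```

If the ASA only permits 80/443 from the proxy's address, leaving it that way keeps users who bypass the browser setting from reaching the Internet directly; PBR then becomes the only path for these ports.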
