PBR and port redirection

Jan 23rd, 2011

What does the first line of the ACL below do for proxy redirect? I hope it denies all traffic except 80 and redirects 80 traffic to the proxy IP?

access-list 111 deny   tcp any any neq www
access-list 111 deny   tcp host 192.168.40.11 any
access-list 111 permit tcp any any

192.168.40.11 is my proxy ip.

This config works for me. But at times, we are not able to access some https sites. For example, http://gmail.com redirects to https://gmail.com, but it doesn't work all the time.

- Ribin

Jennifer Halim Sun, 01/23/2011 - 23:47

You are right, if the ACL is applied to the proxy redirection ACL, it does mean what you posted earlier.

Basically, the acl says:

line 1: deny all TCP traffic whose port is not equal to www (port 80)

line 2: deny all TCP traffic from the proxy server

line 3: permit all TCP outbound traffic

Since line 1 already denies all TCP ports but port 80, line 3 essentially means permit TCP/80.

So in summary, redirect all TCP/80 traffic except traffic from the proxy server itself. Everything else will not be redirected.
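The first-match walk through ACL 111 described in this thread, as an added example that is not part of the original posts: it parses the three lines and reports which line decides each flow, including a TCP/443 flow, which line 1 leaves unredirected. The client and destination addresses are constructed samples, and the parser handles only the syntax these three lines use.

```python
# Added example: first-match evaluation of ACL 111 used as a redirect match ACL.
# Handles only the syntax shown in the thread: any / host <ip> / optional "neq <port>".
ACL_111 = """\
access-list 111 deny   tcp any any neq www
access-list 111 deny   tcp host 192.168.40.11 any
access-list 111 permit tcp any any
"""
PORTS = {"www": 80}  # IOS keyword for TCP port 80

def take_addr(tok):
    """Consume 'any' or 'host <ip>'; None stands for any address."""
    if tok[0] == "any":
        return None, tok[1:]
    if tok[0] == "host":
        return tok[1], tok[2:]
    raise ValueError("unsupported address spec: " + tok[0])

def parse_acl(text):
    rules = []
    for line in filter(None, map(str.split, text.splitlines())):
        action, proto = line[2], line[3]
        src, rest = take_addr(line[4:])
        dst, rest = take_addr(rest)
        neq = None
        if rest:
            if rest[0] != "neq":
                raise ValueError("unsupported port operator: " + rest[0])
            neq = PORTS.get(rest[1]) or int(rest[1])
        rules.append((action, proto, src, dst, neq))
    return rules

def decide(rules, proto, src, dst, dport):
    """Return (outcome, matching line number); line 0 is the implicit deny."""
    for n, (action, r_proto, r_src, r_dst, neq) in enumerate(rules, 1):
        if r_proto != proto or (r_src and r_src != src) or (r_dst and r_dst != dst):
            continue
        if neq is not None and dport == neq:
            continue  # "neq www" does not match port 80 itself
        return ("redirect" if action == "permit" else "not redirected"), n
    return "not redirected", 0

RULES = parse_acl(ACL_111)
# Constructed sample flows; only 192.168.40.11 (the proxy) comes from the thread.
FLOWS = [("tcp", "192.168.40.50", "203.0.113.10", 80),
         ("tcp", "192.168.40.50", "203.0.113.10", 443),
         ("tcp", "192.168.40.11", "203.0.113.10", 80),
         ("udp", "192.168.40.50", "203.0.113.53", 53)]
if __name__ == "__main__":
    for f in FLOWS:
        print(f, "->", decide(RULES, *f))
```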

Posted January 23, 2011 at 8:45 PM