PBR and port redirection

Jan 23rd, 2011

What does the first line of the ACL below do for proxy redirect? I hope it denies all traffic except 80 and redirects 80 traffic to the proxy IP?

access-list 111 deny   tcp any any neq www
access-list 111 deny   tcp host any

access-list 111 permit tcp any any is my proxy ip.

This config works for me. But at times, we are not able to access some HTTPS sites. For example, http://gmail.com redirects to https://gmail.com, but it doesn't work all the time.

- Ribin

Jennifer Halim Sun, 01/23/2011 - 23:47
Cisco Employee

You are right, if the ACL is applied to the proxy redirection ACL, it does mean what you posted earlier.

Basically, the ACL says:

line 1: deny all TCP traffic whose port is not equal to www (port 80)

line 2: deny all TCP traffic from the proxy server

line 3: permit all TCP outbound traffic

Since line 1 already denies all TCP ports but port 80, line 3 essentially means permit TCP/80.

So in summary, redirect all TCP/80 traffic except traffic from the proxy server itself. Everything else will not be redirected.
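The first-match evaluation described in the answer above, modelled as an added example that is not part of the original thread: it walks ACL 111 top to bottom for a few TCP packets and reports which line decides each one. The proxy address `192.0.2.10` and the client address `10.0.0.5` are constructed placeholders, since the post does not show the real addresses.

```python
import ipaddress
from typing import NamedTuple, Optional

PROXY_IP = "192.0.2.10"  # constructed placeholder; the post does not show the proxy address

class Rule(NamedTuple):
    action: str              # "permit" = selected for redirection, "deny" = forwarded normally
    src: str                 # "any" or a single host address
    port_op: Optional[str]   # None, "eq" or "neq", applied to the destination port
    port: Optional[int]

# ACL 111 from the post, in order ("www" is TCP port 80). Only TCP is modelled,
# because every entry in the ACL is a tcp entry.
ACL_111 = [
    Rule("deny", "any", "neq", 80),
    Rule("deny", PROXY_IP, None, None),
    Rule("permit", "any", None, None),
]

def rule_matches(rule, src_ip, dst_port):
    """True when a TCP packet with this source and destination port matches the rule."""
    if rule.src != "any" and ipaddress.ip_address(rule.src) != ipaddress.ip_address(src_ip):
        return False
    if rule.port_op == "eq":
        return dst_port == rule.port
    if rule.port_op == "neq":
        return dst_port != rule.port
    return True

def evaluate(acl, src_ip, dst_port):
    """Return (line number, action) of the first matching rule; implicit deny if none match."""
    for number, rule in enumerate(acl, start=1):
        if rule_matches(rule, src_ip, dst_port):
            return number, rule.action
    return None, "deny"

def redirected(src_ip, dst_port):
    """True when ACL 111 selects the packet for redirection to the proxy."""
    return evaluate(ACL_111, src_ip, dst_port)[1] == "permit"

if __name__ == "__main__":
    # Constructed sample packets: client HTTP, client HTTPS, proxy HTTP, client SMTP.
    for src, port in [("10.0.0.5", 80), ("10.0.0.5", 443), (PROXY_IP, 80), ("10.0.0.5", 25)]:
        line, action = evaluate(ACL_111, src, port)
        verdict = "redirect to proxy" if action == "permit" else "forward normally"
        print(f"{src} -> tcp/{port}: line {line} {action} ({verdict})")
```

Client traffic to tcp/443 is decided by line 1 and is therefore never handed to the proxy, while the proxy's own tcp/80 traffic stops at line 2.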
