PBR and port redirection

ribin.jones
Level 1

What does the first line of the ACL below do for proxy redirect? I hope it denies all traffic except 80 and redirects 80 traffic to the proxy IP?

access-list 111 deny   tcp any any neq www
access-list 111 deny   tcp host 192.168.40.11 any

access-list 111 permit tcp any any

192.168.40.11 is my proxy ip.

This config works for me. But at times, we are not able to access some https sites. For example, http://gmail.com redirects to https://gmail.com, but it doesn't work all the time.

- Ribin

1 Reply

Jennifer Halim
Cisco Employee

You are right, if the ACL is applied to the proxy redirection ACL, it does mean what you posted earlier.

Basically, the acl says:

line 1: deny all TCP traffic whose port is not equal to www (port 80)

line 2: deny all TCP traffic from the proxy server

line 3: permit all TCP outbound traffic

Since line 1 already denies all TCP ports but port 80, line 3 essentially means permit TCP/80.

So in summary, redirect all TCP/80 traffic except traffic from the proxy server itself. Everything else will not be redirected.
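The first-match walk through access-list 111 described in the reply above, as an added example that is not part of the original thread. It models only TCP source host and destination port, and the client address 192.168.40.50 is constructed for illustration.

```python
# Added example: first-match evaluation of access-list 111 from the post.
# When the ACL selects traffic for redirection, a packet that hits a
# "permit" entry is redirected to the proxy; "deny" (or no match) means
# the packet is routed normally.
WWW = 80
PROXY = "192.168.40.11"  # proxy IP given in the question

# Each entry: (action, source host or "any", destination-port test)
ACL_111 = [
    ("deny",   "any", lambda dport: dport != WWW),  # deny tcp any any neq www
    ("deny",   PROXY, lambda dport: True),          # deny tcp host 192.168.40.11 any
    ("permit", "any", lambda dport: True),          # permit tcp any any
]

def match_acl(src, dport, acl=ACL_111):
    """Return (line_number, action) of the first matching entry.
    Falls through to the implicit deny that ends every ACL."""
    for n, (action, acl_src, port_ok) in enumerate(acl, start=1):
        if acl_src in ("any", src) and port_ok(dport):
            return n, action
    return None, "deny"

def redirected(src, dport):
    """True when this TCP flow would be sent to the proxy."""
    return match_acl(src, dport)[1] == "permit"

# Constructed sample flows (the client address is made up for illustration)
FLOWS = [
    ("192.168.40.50", 80),   # client HTTP
    ("192.168.40.50", 443),  # client HTTPS
    (PROXY, 80),             # proxy fetching the page itself
]

if __name__ == "__main__":
    for src, dport in FLOWS:
        line, action = match_acl(src, dport)
        print(f"{src} -> tcp/{dport}: line {line} {action}, "
              f"redirected={redirected(src, dport)}")
```

Client traffic to tcp/443 stops at line 1 and is routed normally, so HTTPS sessions never pass through the proxy under this ACL.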
