Well the proxy is probably going to be traffic inspector, I have no idea if it can act as a transparent proxy or if it supports span to mirror traffic. Thanks for the guide.

what ip addresses to use in the proxy if put between the router and the switch? i mean the outside network address would be from the switches subnet 10.10.10.0/24 and the internal network with the same network 10.10.10.0/24 just a different ip address? and if placed after the router would it allow the vpn connections through?

Hi,

You don't know what it's going to be yet? I would wait and find out what you'll be using so you know what options are available to you and how to set it up. The manual will explain what setups you can use and how to configure.

That said, if the device is inline, it will have an internal IP for management. You wouldn't put it after the router unless it's some kind of hardened device as well, but if somehow you got something that was meant to be placed there, it would definitely allow VPN connections through otherwise it would be a pretty dumb product...

Regards,

Tim

Peace,

we tried to put the proxy server between the router and the switch and the internet connection worked with 33% loss but it worked. the ip arp showed the internal ip addresses as incomplete and the voice over ip stopped working, there where no ips for the ip phones in the arp table.  The proxy server worked only after changing the native vlan to the data or voice vlan, I first set up the native vlan to match on both sides and consequently the external and internal lan on the proxy server had ip's from the same pool. then i tried to make the voice vlan as natvie on the other side to have a different pool on the proxy and in both cases internet worked with 33% loss or a bit less.

here is the configuration on the router interface:

interface GigabitEthernet0/0.31
description Data
encapsulation dot1Q 31 native
ip address 10.10.0.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress

here is the configuration on the switch:

interface GigabitEthernet2/0/46
description to router port g0/0
switchport trunk native vlan 31
switchport trunk allowed vlan 1,30,31
switchport mode trunk
switchport nonegotiate
spanning-tree portfast trunk

the proxy server was set with the lan side to 10.10.0.1/24 and wan side with 10.10.0.253/24 with gateway 10.10.0.254

when i deliberately made a vlan mismatch, the router interface GigabitEthernet0/0.30 was the native. and the external lan on the proxy was set to 10.10.1.253/24 and in both cases, as i said, internet worked.

I thought the trunk between the switch and the router was supposed to work regardless of the proxy. We set the proxy to use the windows connection sharing. Why did it only work on the native vlan and the rest of the services didn't work?

Hi,

I don't think your proxy is set up properly. It does not sound right to me (how it's inline but with routed interfaces both on the same subnet).

What is this proxy and what are the deployment methods as stated by their documentation?

Regards,

Tim

The deployment methods are as a gateway or as a port listener, the proxy is called ,as i said, traffic inspector. perhaps you have a proxy to recommend?

We deployed it a s a gateway so that it passes all traffic.