Route Maps and Port Forwarding

Unanswered Question
Nov 23rd, 2006

Greetings.


We use an 1801 to do IPSEC connections back to our corp location. At our corp location, we have a web proxy (SQUID) server running on port 9200.


We would like to force port 80, 443 (and any other ports specified in an ACL) traffic from the LAN side of the 1801 to the Proxy server on port 9200.


The LAN network behind the 1801 is 10.10.10.0/24. The Proxy server is 172.17.16.23. We would like all traffic specified in the ACL to be forwarded to the proxy server on port 9200.


Mind you, the 172 address is over the internet, over an ipsec tunnel.


I was able to set up a route-map which appears to capture the traffic, but it does not seem to use the next-hop, and I am baffled as to how to port forward it.


Notes: The LAN "data" traverses vlan 80. The f0 port is the aggregate port that connects to a cable modem. The 10.10.10.0/24 addresses are all on vlan 80.


****

access-list 111 permit tcp any any eq 80
access-list 111 permit tcp any any eq 443

route-map proxy-rm permit 11
 match ip address 111
 set ip next-hop 172.17.16.23

interface vlan 80
 ip policy route-map proxy-rm

****


Suggestions or thoughts?


Thanks in advance for your time.


Edison Ortiz Thu, 11/23/2006 - 22:20

Jason,


One of the requirements for performing a route-map is to have the next-hop ip identified as a connected interface.


As you mentioned, the 172.17.16.23 is over the internet, so this won't work.


My suggestion is to create a tunnel interface, in addition to the IPSec, and use the tunnel interface IP as the next hop.


HTH,
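
An added sketch of the tunnel-interface suggestion in the reply above; it is not part of the original thread and not either poster's configuration. The tunnel subnet 192.0.2.0/30 and the corp peer address 203.0.113.1 are constructed placeholders, and the sketch covers only the next-hop change on the 1801, not the rewrite of the destination port to 9200 or anything configured at the corp end.

```cisco
! Constructed placeholders: 192.0.2.0/30 for the tunnel, 203.0.113.1 for the corp peer.
! Assumption: the existing IPsec policy is extended to protect GRE between the two peers.
interface Tunnel0
 description GRE to corp, used as policy-routing next hop
 ip address 192.0.2.1 255.255.255.252
 tunnel source FastEthernet0
 tunnel destination 203.0.113.1
!
! Same match criteria as in the original post
access-list 111 permit tcp any any eq 80
access-list 111 permit tcp any any eq 443
!
! The next hop is now the far end of Tunnel0, which sits on a directly connected subnet
route-map proxy-rm permit 11
 match ip address 111
 set ip next-hop 192.0.2.2
!
interface Vlan80
 ip policy route-map proxy-rm
```

After applying a change like this, `show route-map proxy-rm` reports the policy routing match counters, which shows whether LAN traffic is hitting the route-map at all.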

