Cisco Support Community

PBR and port redirection

What does the first line of the ACL below do for proxy redirect? I hope it denies all traffic except 80 and redirects 80 traffic to the proxy IP?

access-list 111 deny   tcp any any neq www
access-list 111 deny   tcp host 192.168.40.11 any

access-list 111 permit tcp any any

192.168.40.11 is my proxy ip.

This config works for me. But at times, we are not able to access some HTTPS sites. For example, http://gmail.com redirects to https://gmail.com, but it doesn't work all the time.

- Ribin


Re: PBR and port redirection

You are right, if the ACL is applied to the proxy redirection ACL, it does mean what you posted earlier.

Basically, the ACL says:

line 1: deny all TCP traffic whose port is not equal to www (port 80)

line 2: deny all TCP traffic from the proxy server

line 3: permit all TCP outbound traffic

Since line 1 already denies all TCP ports but port 80, line 3 essentially means permit TCP/80.

So in summary, redirect all TCP/80 traffic except traffic from the proxy server itself. Everything else will not be redirected.

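The first-match logic described in the reply, as an added example that is not part of the original thread: it parses the three ACL 111 lines from the question and reports which flows would be policy-routed to the proxy. The parser handles only the syntax used in the thread, and the client and destination addresses passed to it are constructed.

```python
# Added example: first-match evaluation of the thread's ACL 111 as a PBR match list.
ACL_111 = """\
access-list 111 deny   tcp any any neq www
access-list 111 deny   tcp host 192.168.40.11 any
access-list 111 permit tcp any any
"""
PORT_NAMES = {"www": 80}  # IOS keyword for TCP/80

def parse_addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; return the host to match, or None for any."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word == "host":
        return tokens.pop(0)
    raise ValueError(f"unsupported address form: {word}")

def parse_acl(text):
    """Parse the subset of extended-ACL syntax used in the thread."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src, dst = parse_addr(rest), parse_addr(rest)
        port_test = None
        if rest:  # optional destination-port operator, e.g. 'neq www'
            op, port = rest[0], rest[1]
            if op not in ("eq", "neq"):
                raise ValueError(f"unsupported operator: {op}")
            port_test = (op, PORT_NAMES.get(port) or int(port))
        entries.append((action, proto, src, dst, port_test))
    return entries

def redirected(entries, proto, src, dst, dport):
    """True if the first matching entry is a permit (packet is policy-routed)."""
    for action, e_proto, e_src, e_dst, port_test in entries:
        if e_proto != proto or e_src not in (None, src) or e_dst not in (None, dst):
            continue
        if port_test:
            op, port = port_test
            if (op == "eq") != (dport == port):  # operator not satisfied
                continue
        return action == "permit"
    return False  # implicit deny: forwarded normally, not redirected
```

A deny entry here does not drop the packet; it only excludes it from redirection, so TCP/443 and the proxy's own outbound requests follow the normal routing table.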