11-14-2001 12:58 PM - edited 03-01-2019 07:22 PM
Is there some way to configure a Cisco 1720 router to point all internet traffic to a proxy server? We accomplish this now by the configuration of NetScape or Internet Explorer on individual workstations, but are looking for a solution that simply direct all internet traffic to the proxy server, which is not on our internal network, without configuring individual workstations. Thanks.
11-15-2001 02:22 AM
There's a difference in the http get when a browser has a proxy configured vs when it does not. This is something to do to with the way subsequent gets are executed within a page as a relative request rather than a full path.
There are high end web cache solutions that you can integrate as transparent proxies that make the configuration of the browser unnecessary, these often employed by ISP's to save bandwidth and improve web performance. Cisco' IOS solution for this is a redirection protocol called WCCP (Web Cache Communication Protocol) which is probably supported on the 1720. HOWEVER this requires WCCP participation by the proxy/cache and the proxy must support transparent cache functions (e.g. it fixes the relative path get problem etc). So unless your proxy supports WCCP transparent cache functions the answer is no, even if you could policy route the packets to the proxy it will not work in most cases.
The next option also requires a proxy/cache that supports transparent proxy, but instead of WCCP you can use a layer4 switch to do the redirection.
Finally, if the manual task of updating your users desktop settings is the problem, find yourself a good MS administrator/guru and ask them how to set the proxy settings during network login.
Or, if this fails, you could always get the users to do the work - If your border/edge router only accepts HTTP from the proxy IP to the Internet, then the users soon learn that they must configure this ... otherwise they don't get web access. But advance notice would be wise ;-)
I hope this helps.
Jeremy.
11-15-2001 06:54 AM
Thanks Jeremy, you have given me a number of good options to pursue. Our problem is not the browser settings, but rather that you certainly do not need a high school diploma, and thus all are students are eligible, to undo those settings. Adding software that would not allow them to change the settings just adds another layer of challenge for them and becomes less practical as our incoming freshman each have their own laptop to use. Also in the US we have a new law where our federal funds can be impacted if we do not demonstrate that we are providing only filtered content to students. Again, thanks for you help.
Paul
11-15-2001 07:53 PM
Another way is use of route map and access-list
Any traffic matched on www port to be policy routed to next hop
eg
route-map internet_traffic permit 5
match ip address internet_traffic
set ip next-hop (next hop IP address to proxy server)
!
ip access-list extended internet_traffic
permit tcp 192.168.1.0 0.0.0.255 any eq www
!
int E0
ip policy route-map internet_traffic
The above config enables any traffic incomming from Ethernet0 matching internal range, with a destination port of www to be policy routed to next hop.
If you have any querries please reply
12-24-2001 11:18 AM
Hi there,
i have a similar question.
what i would like to do is direct my WEB traffic to two proxy servers for load balancing purposes. these two internet proxy servers accept web traffic on ports 3128 and 8080. so we need to translate web traffic from my network to 3128 and 8080 to those two proxy servers. how can this be acheived?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: