I have installed a Squid caching proxy server in my trusted site. I just want that when someone requests a web site from trusted, the firewall sends the request to Squid. And no one, except the Squid server, will use HTTP for web page requests. How can I do that? Is it possible on PIX? (PIX 515 with 6.22 software, PDM 2.11)
I do not believe that the PIX supports proxy redirection. Cisco routers support that via a proprietary protocol, WCCP, but I do not believe that functionality has been added to the PIX. Either way, WCCP is proprietary and would not work with your Squid server. The best way to accomplish this may be to point all of your trusted clients to this proxy server and then deny all outgoing web traffic on the PIX except from the Squid server. In other words, the only machine on your network able to access web pages will be the Squid server.
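The egress policy suggested in the reply above (only the Squid host may send outbound HTTP) can be checked offline before it is applied. The following is an added example, not part of the original thread: the ACL text is a constructed sample in PIX 6.x `access-list` syntax, the name `acl_inside` and the test addresses are assumptions, and the parser covers only the subset of the syntax used in the sample.

```python
import ipaddress

# Constructed sample ACL (not from the thread). 10.1.1.1 is the Squid address
# used in the thread; "acl_inside" is an assumed name. On the PIX the list would
# be bound with: access-group acl_inside in interface inside
SAMPLE_ACL = """\
access-list acl_inside permit tcp host 10.1.1.1 any eq www
access-list acl_inside deny tcp any any eq www
access-list acl_inside permit ip any any
"""
PORTS = {"www": 80}

def _addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse(acl_text):
    """Parse permit/deny lines into (action, proto, src, dst, port) tuples."""
    rules = []
    for line in acl_text.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
            continue
        src, rest = _addr(t[4:])
        dst, rest = _addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORTS.get(rest[1]) or int(rest[1])
        rules.append((t[2], t[3], src, dst, port))
    return rules

def decide(rules, src_ip, dst_ip, dport, proto="tcp"):
    """First matching rule wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, r_proto, src, dst, port in rules:
        if r_proto in ("ip", proto) and s in src and d in dst and port in (None, dport):
            return action
    return "deny"

def http_sources_allowed(rules, candidates, dst_ip="192.0.2.10"):
    """Return the inside hosts that can open TCP/80 to an outside address."""
    return [h for h in candidates if decide(rules, h, dst_ip, 80) == "permit"]
```

Because evaluation is first-match, placing a broad `permit ip any any` above the `deny` line silently lets every client bypass the proxy, which is the ordering mistake this check is meant to catch.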
All you really need to do here is make sure that any packets that come into your PIX on port 80 are redirected to the internal squid server. The squid server is the one doing the proxying, not the PIX, correct? There's only going to be a specific IP address that requests are going to come in on, so just portmap that to your internal squid server.
For example, let's say HTTP requests will come into your PIX at 184.108.40.206, and your squid server is on the inside interface at 10.1.1.1. All you need to do is the following:
The PIX will send the HTTP traffic to the squid server and the squid server should do the rest. You'll run into trouble however if HTTP requests are coming into your PIX at more than one IP address (let's say 220.127.116.11 also). You can't portmap the same port number to the same host, so you'd have to do something like the following:
which would require your users knowing that they have to connect on port 8000 when going to 18.104.22.168, plus being able to have the squid server listen on port 8000. Again though, this is only if you have connections coming in on more than one IP address.