Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco 1841 Routing

Hi Guys,

I need help on routing settings of our Cisco 1841 router.

Out network IP Address is 192.168.0.0 then we have a proxy server with an IP Address of 192.168.15.2, our router IP Address is 192.168.15.1 and the WAN IP of our router is 10.10.12.2 in our router config these are the settings:

ip route 0.0.0.0 0.0.0.0 192.168.15.2

ip route 192.168.0.0 255.255.0.0

10.10.12.1

The statement 0.0.0.0 0.0.0.0 192.168.15.2 means any request not intended to 192.168.0.0 will be routed to the proxy server like internet access.

What I want is to change this settings, how can I route any internet request to the proxy server without using the 0.0.0.0 0.0.0.0 statement?

Hope you can help me guys.

Thanks.

John

9 REPLIES
New Member

Re: Cisco 1841 Routing

The most common ways are to configure the browser with the ip address of the proxy server or use a pac file The other is to configure WCCP V2 on the router and proxy server. Do you know if your proxy server supports WCCP and if not what type of proxy is it?

http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_wccp_ps6350_TSD_Products_Configuration_Guide_Chapter.html

The 3rd way is through Policy Based Routing, but would complicate your configuration.

Aaron

NonStop Networks, LLC

New Member

Re: Cisco 1841 Routing

Hi Aaron,

We are using linux proxy server with squid.

Our user's browser are set to use the proxy server ip address so any http request can pass to the proxy server. My problem is other request like smtp, https and others they need to pass to the proxy server.

Can you give further advice?

Thanks.

John

Hall of Fame Super Silver

Re: Cisco 1841 Routing

John

Probably the other alternative is to configure Policy Based Routing. With PBR you configure a route map which will identify traffic to be routed different from what is in the routing table. So you could identify smtp, https, etc and forward them to the proxy server. But this is much more complex than just using the 0.0.0.0 route. Why do you want to avoid using the 0.0.0.0 route?

HTH

Rick

New Member

Re: Cisco 1841 Routing

Hi Rick,

Thanks for the reply. I can really make use of PBR in our network. The reason I don't want to use the 0.0.0.0 route is simply because I want to control any request going to my proxy server. I think there is something in my network that eat lots of internet bandwidth so I want to control and manage any internet request.

Can you give me examples on PBR or any links that discusses it?

Thanks,

John

Hall of Fame Super Silver

Re: Cisco 1841 Routing

John

PBR is configured using a route map and is configured on the interface where the traffic arrives. So assuming that Fast0/1 is the interface where your user traffic is comging from a config might look something like this:

interface fasst0/1

ip policy route-map inet_traffic

!

route-map inet_traffic permit 10

match ip address 101

set next-hop 192.168.15.2

!

access-list 101 permit ip

You would need to figure what access list details would accurately describe the Internet traffic that you want to send through the proxy server.

HTH

Rick

New Member

Re: Cisco 1841 Routing

Squid and Linux support WCCP for http redirection.

SMTP by default is a proxy protocol. Just configure your internal mail server to forward to it and external mx record to the Static NAT setup on the 1841. Sendmail or another program will need to be configured on it to forward to your internal mail server.

Most other request, you won't want going to the proxy. Most IM clients have proxy settings. Not sure what other apps in your organization require internet access. Just allow them to the internet directly. The other option is to set up the linux box to proxy those request. i.e. Linux has port forwarding cababilities, ssh/telnet proxies, etc.

Keep in mind the more you add and rely onn the one linux box, the more issues you will have if it fails.

New Member

Re: Cisco 1841 Routing

Hi amagruder,

I have setup my proxy server for port forwarding already. But aside from that I also want to control and manage my network as to what protocols and ports they will access to the internet via our Cisco router.

Im not comfortable with the 0.0.0.0 routing.

Thanks for the reply.

New Member

Re: Cisco 1841 Routing

Use ACL's on the router. This will allow only the protocols, ports, ip combinations you want. If you have the SEC image, you can use CBAC for protocol inspection.

New Member

Re: Cisco 1841 Routing

Thanks for the help amagruder.

1210
Views
10
Helpful
9
Replies