New Member

Force traffic to a public proxy

Hi friends,

I have a unique requirement from a customer. He does not have any web filtering device in his network but he believes that web filtering can be done by some public proxy if we force traffic towards it.

I know the IP address of the proxy, but I really don't think that we have a mechanism to force traffic towards a public proxy in the network.

Has anyone come across a similar requirement and has managed to implement it?

Thanks and Regards



Re: Force traffic to a public proxy

If you have a Cisco router and the IP, do PBR, which is policy-based routing.

First you need to make sure you have reachability to that proxy IP by pinging it from the router. Once you get the reply,

do the following steps:

Let's say the LAN network is

and connected to fastethernet 1/0

access-list 1 permit [LAN network] [wildcard mask]



route-map PBR-1 permit 10

match ip address 1

set ip next-hop [proxy IP]

Then apply it to the interface connected to the LAN:

int fa 1/0

ip policy route-map PBR-1

Good luck.

Please rate if helpful.

Hall of Fame Super Silver

Re: Force traffic to a public proxy

Hello Gautam,

If the public proxy is somewhere in the Internet, configuring PBR on the border router doesn't guarantee the result.

You would need a cooperating device that terminates a GRE tunnel whose other end is your border router, and that is directly connected to the proxy.

Otherwise, some application-layer mechanism is needed, like TCP intercept plus a way to open sessions to the proxy.

Hope to help


New Member

Re: Force traffic to a public proxy

Thanks a lot for the kind help. Even I had a doubt on this. The public proxy is connected directly to our ISP network, and even I believe that we have to agree with our ISP for such a kind of setup.

But I was just wondering if this is possible without ISP intervention?

Thanks a lot

Hall of Fame Super Silver

Re: Force traffic to a public proxy

Hello Gautam,

Doing this work at the application layer means:

Your router intercepts all HTTP requests.

For each HTTP/TCP session, the router needs to open a TCP session to the proxy.

In its turn, the proxy will handle the router-initiated TCP sessions and will open the sessions to the real servers on the Internet.

You can call this a hierarchy of proxies like the hierarchies of web caches.

But I don't know if you can do this on a Cisco router alone: TCP intercept allows for the first part, that of handling user sessions.

Then, all possible URLs should be resolved by DNS to the public proxy IP address.

Maybe with a good DNS config you can do this without even using TCP intercept on the router.

This is the kind of thing that requires going to the upper layers, above layer 3.

Hope to help