
policy routing

itdsmartnet
Level 1

Hi, I want to configure the proxy interception feature on my network. There are about 10 VLANs on my network and I want to configure policy routing so that the traffic for www is intercepted and forwarded to the proxy server. For that I want to configure policy routing. Is it possible to configure a route-map and apply that route-map to interface VLAN? I have 3750 and 4948 switches.


Giuseppe Larosa
Hall of Fame

Hello Waseem,

If you can configure multiple VLAN interfaces on them and you can have all of them up/up = they can do multilayer switching.

If so, the answer is yes. Multilayer switches are able to implement PBR in a very efficient way by modifying the action to be done on the TCAM table (the IP next hop, I mean).

Hope to help

Giuseppe

Hi giulsar,

One thing which is confusing me is the placement of the proxy server. Should I configure a Layer 3 port for the inside (LAN interface) and outside (WAN interface) network for the proxy server? Or should I place the inside (LAN interface) network on one of the VLANs and configure a Layer 3 port for the outside (WAN interface), then configure users on the LAN to have their default gateway (IP address of interface VLAN) and apply the route-map on interface VLAN to intercept the traffic for www?

Thanks

Hello,

well you need three interfaces:

one towards the customer/client where you do PBR on incoming packets

one outside WAN interface towards the internet

one dmz / horizontal link where you place the proxy / web cache

Incoming packets from users will be sent to the proxy, the proxy will go to the internet opening a TCP session on behalf of the customer.

So you will have two coordinated TCP sessions

user <-----> proxy TCP_A

proxy <-----> real web server TCP_B

Return path will be

outside -> proxy -> || proxy --> user

TCP_B || TCP_A

Hope to help

Giuseppe

Hello

Thanks for your help.

harshi_lib
Level 1

Yes, Policy Routing works on these switches. You can configure route-map and apply it to interface VLAN.

But make sure that you have the IPSERVICES image installed on the switch.

Policy Routing doesn't work on the BASE image.
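
The three-interface layout and the route-map on interface VLAN discussed in this thread, written out as an added example (not posted by any participant). All VLAN IDs, interface names, object names and addresses are assumptions chosen for illustration; the addresses come from documentation ranges.

```cisco
! Added example. VLAN IDs, names and addresses are assumptions.
! Requires the IPSERVICES image mentioned above. On the 3750, PBR also
! needs the routing SDM template: "sdm prefer routing", then reload.
ip routing
!
! Match only web traffic (the "www" port, TCP/80) from clients.
! Anything not permitted here is routed normally, not dropped.
ip access-list extended WEB-TO-PROXY
 permit tcp any any eq www
!
! Matched packets get the proxy as next hop instead of the routing
! table result.
route-map PROXY-REDIRECT permit 10
 match ip address WEB-TO-PROXY
 set ip next-hop 192.0.2.10
!
! 1) Client-facing SVI: PBR acts on packets arriving here. Clients use
!    10.10.10.1 as their default gateway. Repeat "ip policy" on each
!    client VLAN that should be intercepted.
interface Vlan10
 description Clients
 ip address 10.10.10.1 255.255.255.0
 ip policy route-map PROXY-REDIRECT
!
! 2) DMZ / horizontal link holding the proxy (192.0.2.10). No policy is
!    applied here, so the proxy's own TCP/80 sessions to real web
!    servers follow the routing table and are not looped back to it.
interface Vlan99
 description Proxy segment
 ip address 192.0.2.1 255.255.255.0
!
! 3) Outside routed port towards the internet.
interface GigabitEthernet1/0/24
 description Outside / WAN
 no switchport
 ip address 198.51.100.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 198.51.100.1
```

After applying it, `show ip policy` lists which interfaces have the route-map attached and `show route-map PROXY-REDIRECT` shows the match and set clauses in effect.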
