New Member

policy routing

Hi, I want to configure the proxy interception feature on my network. There are about 10 VLANs on my network and I want to configure policy routing so that the traffic for www is intercepted and forwarded to the proxy server. For that I want to configure policy routing. Is it possible to configure a route-map and apply that route-map to interface VLAN? I have 3750 and 4948 switches.

Hall of Fame Super Silver

Re: policy routing

Hello Waseem,

If you can configure multiple VLAN interfaces on them and you can have all of them up/up = they can do multilayer switching.

If so, the answer is yes. Multilayer switches are able to implement PBR in a very efficient way by modifying the action to be done in the TCAM table (the IP next hop, I mean).

Hope to help

Giuseppe

New Member

Re: policy routing

Hi giulsar,

One thing which is confusing me is the placement of the proxy server: should I configure a Layer 3 port for the inside (LAN interface) and outside (WAN interface) network for the proxy server? Or should I place the inside (LAN interface) network on some of the VLANs and configure a Layer 3 port for the outside (WAN interface), then configure users on the LAN having their default gateway (IP address of interface VLAN) and apply the route-map on interface VLAN to intercept the traffic for www?

Thanks

Hall of Fame Super Silver

Re: policy routing

Hello,

well you need three interfaces:

one towards the customer/client where you do PBR on incoming packets

one outside WAN interface towards the internet

one dmz / horizontal link where you place the proxy / web cache

Incoming packets from users will be sent to the proxy; the proxy will go to the internet, opening a TCP session on behalf of the customer.

So you will have two coordinated TCP sessions

user <-----> proxy TCP_A

proxy <-----> real web server TCP_B

Return path will be

outside -> proxy -> || proxy --> user

TCP_B || TCP_A

Hope to help

Giuseppe

New Member

Re: policy routing

Hello

Thanks for your help.

New Member

Re: policy routing

Yes, Policy Routing works on these switches. You can configure a route-map and apply it to interface VLAN.

But make sure that you have the IPSERVICES image installed on the switch.

Policy Routing doesn't work on the BASE image.
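A configuration sketch of the three-interface layout discussed in this thread, added here as an example and not taken from any poster's device. The VLAN numbers, subnets, proxy address and the names WWW-TO-PROXY and PROXY-REDIRECT are assumptions chosen for illustration.

```cisco
! Constructed example: all VLAN IDs, addresses and names are placeholders.
! 3750 only: PBR also needs the routing SDM template
! ("sdm prefer routing" in global config, followed by a reload).
ip routing
!
! Match only client web traffic; everything else follows the routing table.
ip access-list extended WWW-TO-PROXY
 permit tcp 192.168.10.0 0.0.0.255 any eq www
!
! Send matched packets to the proxy on the DMZ link instead of the WAN.
route-map PROXY-REDIRECT permit 10
 match ip address WWW-TO-PROXY
 set ip next-hop 10.0.99.10
!
! Client-facing SVI: users' default gateway, PBR applied to incoming packets.
interface Vlan10
 description Clients (one of the user VLANs)
 ip address 192.168.10.1 255.255.255.0
 ip policy route-map PROXY-REDIRECT
!
! DMZ / horizontal link: the proxy / web cache lives here (10.0.99.10).
! No policy is applied on this SVI, so the proxy's own sessions to the
! internet (TCP_B) are routed normally and are not redirected back to it.
interface Vlan99
 description DMZ link to proxy / web cache
 ip address 10.0.99.1 255.255.255.0
!
! Verification from exec mode:
!   show ip policy      (lists interfaces with a policy route-map attached)
!   show route-map      (shows match/set clauses and policy-match counters)
```

The same `ip policy route-map` line is repeated on each user-facing interface VLAN, with one `permit` entry per client subnet in the ACL.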
