Ports

saquib.tandel
Level 1

Hello

My setup is:

Internet ---- Internet_RTR ---- ASA ---- Layer3Sw ---- User_Vlan
                                            |
                                         vlan 22
                                            |
                                  Microsoft ISA Proxy

All users who want to browse the Internet go via the proxy server (only HTTP and 443 are allowed on the proxy).

On the Layer3Sw all traffic goes to the ASA firewall (on the L3Sw there is ip route 0.0.0.0 0.0.0.0 192.168.1.100).

All users' browsers are pointing to Proxy_Server_IP.

Some applications need different ports (example: PPTP, and one specific e-learning application needs ports 443, 80, 9910, 8085).

How do I make these applications work?

Allowing the needed ports on the proxy doesn't help, as the default route from the L3Sw is the ASA.

Users' IPs are not static (DHCP).

The application only works when I open the needed ports plus 443 and 80 on the ASA (just opening the needed ports without 443 & 80 doesn't work).

Any suggestions?

1 Reply

kyukim
Cisco Employee

Hi, you can configure PBR on the L3 switch to redirect application traffic from hosts to the MS Proxy server.

Here is a config example.

! x is the user VLAN
interface vlan x
 ip address x.x.x.x 255.255.255.0
 ! Apply PBR on the user VLAN interface, so incoming traffic that matches
 ! the route-map is redirected to the proxy server
 ip policy route-map rm-pbr
!
route-map rm-pbr permit 10
 ! match traffic against the ACL
 match ip address acl-pbr
 ! IP address of the proxy server
 set ip next-hop y.y.y.y
!
! Traffic that you want to redirect to the proxy server.
! The port belongs after the destination ("any eq 443"): that matches client
! sessions going TO 443/80/9910. A port placed right after the source network
! would be a source-port match, which browser traffic never hits.
ip access-list extended acl-pbr
 permit tcp x.x.x.0 0.0.0.255 any eq 443
 permit tcp x.x.x.0 0.0.0.255 any eq 80
 permit tcp x.x.x.0 0.0.0.255 any eq 9910

You can check whether your L3 switch supports PBR with the Cisco Feature Navigator: http://tools.cisco.com/ITDIT/CFN/Dispatch?act=featSelect&task=init&featStartsWith=All

PBR config guide for the 3550:

http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00802135d3.shtml

KK.
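The following is an added worked example, not part of either post in this thread. It simulates the forwarding decision the reply's route-map produces on the L3 switch: flows from the user VLAN that the ACL permits get `set ip next-hop` to the proxy, everything else falls through to the switch's default route to the ASA (192.168.1.100, from the question). The user VLAN 10.1.10.0/24, the proxy address 10.1.22.5, the destination hosts and the sample flows are all constructed stand-ins for the reply's x.x.x.x / y.y.y.y placeholders. It also contrasts the destination-port form of the ACE (`... any eq 443`) with a source-port form (`... eq 443 any`), and shows that port 8085 from the question, which the reply's ACL does not list, would still go straight to the ASA.

```python
"""Simulate IOS policy-based routing (PBR) for the thread's topology.

Added example, not from the original posts. Addresses other than the ASA
next hop are assumptions standing in for the reply's x.x.x.x / y.y.y.y.
Only 'permit tcp SRC [eq P] DST [eq P]' entries are modelled, because that
is the only ACE shape the reply's access-list uses.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ASA_NEXT_HOP = "192.168.1.100"     # from the question: ip route 0.0.0.0 0.0.0.0 192.168.1.100
PROXY_IP = "10.1.22.5"             # assumed: ISA proxy on vlan 22 (y.y.y.y in the reply)
USER_VLAN = "10.1.10.0 0.0.0.255"  # assumed: user VLAN as IOS address + wildcard (x.x.x.0)


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Ace:
    proto: str
    src_net: ipaddress.IPv4Network
    sport: Optional[int]
    dst_net: ipaddress.IPv4Network
    dport: Optional[int]


def _wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """IOS wildcard masks are inverted netmasks: 0.0.0.255 -> 255.255.255.0."""
    netmask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard)))
    return ipaddress.IPv4Network(f"{addr}/{netmask}", strict=False)


def _parse_endpoint(tokens: List[str]):
    """Consume 'any' | 'host A' | 'A WILDCARD', then an optional 'eq PORT'."""
    if tokens[0] == "any":
        net, tokens = ipaddress.IPv4Network("0.0.0.0/0"), tokens[1:]
    elif tokens[0] == "host":
        net, tokens = ipaddress.IPv4Network(f"{tokens[1]}/32"), tokens[2:]
    else:
        net, tokens = _wildcard_to_network(tokens[0], tokens[1]), tokens[2:]
    port = None
    if tokens and tokens[0] == "eq":
        port, tokens = int(tokens[1]), tokens[2:]
    return net, port, tokens


def parse_ace(line: str) -> Ace:
    """Parse one 'permit tcp SRC [eq P] DST [eq P]' access-list entry."""
    tokens = line.split()
    if tokens[:2] != ["permit", "tcp"]:
        raise ValueError(f"unsupported ACE: {line}")
    src, sport, rest = _parse_endpoint(tokens[2:])
    dst, dport, rest = _parse_endpoint(rest)
    if rest:
        raise ValueError(f"trailing tokens in ACE: {line}")
    return Ace("tcp", src, sport, dst, dport)


def ace_matches(ace: Ace, flow: Flow) -> bool:
    return (flow.proto == ace.proto
            and ipaddress.IPv4Address(flow.src) in ace.src_net
            and ipaddress.IPv4Address(flow.dst) in ace.dst_net
            and (ace.sport is None or flow.sport == ace.sport)
            and (ace.dport is None or flow.dport == ace.dport))


def next_hop(flow: Flow, acl: List[Ace]) -> str:
    """route-map rm-pbr permit 10 / match ip address acl-pbr / set ip next-hop PROXY.
    Traffic the ACL does not permit falls through to normal routing, i.e. the
    switch's 0.0.0.0/0 towards the ASA."""
    return PROXY_IP if any(ace_matches(a, flow) for a in acl) else ASA_NEXT_HOP


# Destination-port form: steers client sessions to 80/443/9910 towards the proxy.
ACL_DST_PORT = [parse_ace(line) for line in (
    f"permit tcp {USER_VLAN} any eq 443",
    f"permit tcp {USER_VLAN} any eq 80",
    f"permit tcp {USER_VLAN} any eq 9910",
)]
# Source-port form: the port follows the source network, so it only matches
# packets sent FROM port 443/80/9910 on the user VLAN, which a browser never does.
ACL_SRC_PORT = [parse_ace(line) for line in (
    f"permit tcp {USER_VLAN} eq 443 any",
    f"permit tcp {USER_VLAN} eq 80 any",
    f"permit tcp {USER_VLAN} eq 9910 any",
)]

# Constructed sample flows from one DHCP client in the user VLAN.
SAMPLE_FLOWS = {
    "https":          Flow("tcp", "10.1.10.57", 51234, "203.0.113.10", 443),
    "http":           Flow("tcp", "10.1.10.57", 51235, "203.0.113.10", 80),
    "elearning-9910": Flow("tcp", "10.1.10.57", 51236, "203.0.113.10", 9910),
    "elearning-8085": Flow("tcp", "10.1.10.57", 51237, "203.0.113.10", 8085),
    "pptp-control":   Flow("tcp", "10.1.10.57", 51238, "198.51.100.7", 1723),
    "dns":            Flow("udp", "10.1.10.57", 51239, "192.0.2.53", 53),
}


def decide(acl: List[Ace]) -> dict:
    """Map each sample flow name to the next hop the L3 switch would pick."""
    return {name: next_hop(flow, acl) for name, flow in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for label, acl in (("dst-port ACL", ACL_DST_PORT), ("src-port ACL", ACL_SRC_PORT)):
        print(label)
        for name, hop in decide(acl).items():
            print(f"  {name:15} -> {hop}")
```

With the destination-port ACL, 443/80/9910 go to the proxy while 8085, the PPTP control channel and UDP still take the default route to the ASA, which is why those ports had to be opened on the ASA in the question. With the source-port ACL nothing matches and every flow goes to the ASA. The script models only the match and next-hop selection; whether the proxy will accept sessions addressed to the origin server is a separate question about the proxy's configuration.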
