Cisco Support Community
Community Member

Route Maps and Port Forwarding

Greetings.

We use an 1801 to do IPSEC connections back to our corp location. At our corp location, we have a web proxy (SQUID) server running on port 9200.

We would like to force port 80, 443 (and any other ports specified in an ACL) traffic from the LAN side of the 1801 to the Proxy server on port 9200.

The LAN network behind the 1801 is 10.10.10.0/24. The Proxy server is 172.17.16.23. We would like all traffic specified in the ACL to be forwarded to the proxy server on port 9200.

Mind you, the 172 address is over the internet, over an ipsec tunnel.

I was able to set up a route-map which appears to capture the traffic, but it does not seem to use the next-hop, and I am baffled as to how to port forward it.

Notes: The LAN "data" traverses vlan 80. The f0 port is the aggregate port that connects to a cable modem. The 10.10.10.0/24 addresses are all on vlan 80.

****

access-list 111 permit tcp any any eq 80
access-list 111 permit tcp any any eq 443

route-map proxy-rm permit 11
 match ip address 111
 set ip next-hop 172.17.16.23

interface vlan 80
 ip policy route-map proxy-rm

****

Suggestions or thoughts?

Thanks in advance for your time.

1 REPLY
Hall of Fame Super Bronze

Re: Route Maps and Port Forwarding

Jason,

One of the requirements for performing a route-map is to have the next-hop ip identified as a connected interface.

As you mentioned, the 172.17.16.23 is over the internet, so this won't work.

My suggestion is creating a tunnel interface, in addition to the IPSec, and using the tunnel interface IP as the next hop.

HTH,

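The reply's suggestion sketched as IOS configuration for the branch 1801. This is an added example, not configuration posted by either participant. ACL 111, route-map proxy-rm, vlan 80 and the proxy address come from the question; the Tunnel0 subnet (10.255.255.0/30), the `<CORP_PUBLIC_IP>` placeholder and the reading of "f0" as FastEthernet0 are assumptions.

```cisco-ios
! Added example (not from the thread). Constructed values: Tunnel0 subnet
! 10.255.255.0/30 and the <CORP_PUBLIC_IP> placeholder.
!
! GRE tunnel to the corp head-end. The existing IPsec policy has to cover
! GRE between the two public endpoints so the tunnel traffic stays encrypted.
interface Tunnel0
 description GRE to corp head-end for proxied web traffic
 ip address 10.255.255.1 255.255.255.252
 tunnel source FastEthernet0
 tunnel destination <CORP_PUBLIC_IP>
!
! Same ports as ACL 111 in the question, scoped to the branch LAN instead of
! "any" so that only 10.10.10.0/24 clients are policy-routed.
no access-list 111
access-list 111 permit tcp 10.10.10.0 0.0.0.255 any eq 80
access-list 111 permit tcp 10.10.10.0 0.0.0.255 any eq 443
!
! The next hop is now the far end of Tunnel0, which is on a connected subnet.
route-map proxy-rm permit 11
 match ip address 111
 set ip next-hop 10.255.255.2
!
interface Vlan80
 ip policy route-map proxy-rm
!
! Policy routing changes only the next hop. Packets reach the head-end still
! addressed to the original web server on 80/443; handing them to
! 172.17.16.23:9200 has to be configured on the corp side.
!
! Checks after applying:
!   show ip policy            (Vlan80 should list route-map proxy-rm)
!   show route-map proxy-rm   (policy routing match counters should rise)
!   show interfaces Tunnel0   (line protocol should be up)
```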