Question

Locked

Cisco Proxy redirect feature anyone!?

By R_O_L_A_N_D ·
Hi All,

I?m currently installing Squid on my lan.
It?s a linux based proxy. I?m in process of installing it as a Transparent proxy, in the aim of making a smooth transition without user intervention of configuring proxy on their browser.
In order to do so, I need the my cisco 2811 router to deny access to port 80 & 8080 except for one specific ip (which would be Squid).
I?ve looked around and found that it could be done as such:


access-list 2020 deny tcp any any eq 80
access-list 2020 deny tcp any any eq 8080
access-list 2020 permit tcp host 192.168.0.87 any (our proxy ip)
access-list 2020 permit tcp any any

route-map proxy-redirect permit 10
match ip address 2020
set ip next-hop 192.168.0.87

int f0/1
ip policy route-map proxy-redirect

in this case, I?m hoping that the router denies packets destined to port 80/8080/https from traversing it, and instead of dropping it directs it to ip 192.168.0.87 which is the only one allowed through.

would this work? doest it make sense?!
is there any better way to do so or a sort of "right" way at least!
i'm a bit reluctant to try this as am working on a live system obviously and denying port 80/8080 has drastic consequences if i had to simply TRY if it works..
especially that i'm a bit worried about the policy map.
i already have a route map applied on my lan interface that directs static routes to a 3d ISP. a sort of route map.

any help or advice is appreciated:)

thanks in advance,

Roland

This conversation is currently closed to new comments.

0 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Share your knowledge
Back to Networks Forum
0 total posts (Page 1 of 1)  

Related Forums