Redirect http and https traffic from ASA 5520 via squid

Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.

Re:Redirect http and https traffic from ASA 5520 via squid

Postby Guest » Fri Nov 26, 2010 12:58 pm

Hey Ribin,

 

Use a route-map to route port 80 (internet) traffic to the Squid proxy server. You also need to configure iptables on the Squid server accordingly (in the case of a transparent proxy). Use the configuration below on your Cisco ASA (i.e. on your gateway). Check whether the route-map command is available on your ASA.

 

! create access list for port 80 traffic
access-list 111 deny   tcp any any neq www
! 192.168.100.1 - squid proxy
access-list 111 deny   tcp host 192.168.100.1 any
access-list 111 permit tcp any any
!
route-map proxy-redirect permit 100
 match ip address 111
 ! forward all port 80 traffic to squid - 192.168.100.1
 set ip next-hop 192.168.100.1

 

Cheers!!

Guest
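
The reply above mentions configuring iptables on the Squid host for a transparent proxy but does not show it. The following is an added example, not part of the original thread: it prints (and can apply) a rule set for that host, using the proxy address 192.168.100.1 from the post; the interface name eth0 and intercept port 3129 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: iptables rules for the Squid host that
# receives the policy-routed port 80 traffic (transparent/intercept mode).
# SQUID_IP comes from the post; LAN_IF and SQUID_PORT are assumed values and
# must match this host's interface and Squid's intercept http_port.
SQUID_IP="${SQUID_IP:-192.168.100.1}"
LAN_IF="${LAN_IF:-eth0}"
SQUID_PORT="${SQUID_PORT:-3129}"

# Print the rule set, one iptables command per line, for review before use.
squid_intercept_rules() {
    case "$SQUID_PORT" in
        ''|*[!0-9]*) echo "invalid SQUID_PORT: $SQUID_PORT" >&2; return 1 ;;
    esac
    if [ "$SQUID_PORT" -lt 1 ] || [ "$SQUID_PORT" -gt 65535 ]; then
        echo "SQUID_PORT out of range: $SQUID_PORT" >&2; return 1
    fi
    # 1. Never redirect packets sourced from the proxy address (loop guard).
    # 2. Hand client port 80 traffic arriving on the LAN side to Squid.
    # 3. Drop direct connections to the intercept port: the mangle table runs
    #    before nat, so only packets that arrived for port 80 reach Squid here.
    cat <<EOF
iptables -t nat -A PREROUTING -s $SQUID_IP -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
iptables -t mangle -A PREROUTING -p tcp --dport $SQUID_PORT -j DROP
EOF
}

# Apply the rules (needs root); stops at the first command that fails.
apply_squid_intercept_rules() {
    rules=$(squid_intercept_rules) || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        $rule || exit 1
    done
}

# Usage: script --print   or   script --apply
case "${1:-}" in
    --print) squid_intercept_rules ;;
    --apply) apply_squid_intercept_rules ;;
esac
```

The third rule is the one most often left out: without it, any host that can reach the proxy can connect to the intercept port directly instead of arriving through the redirect.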
 

Re:Redirect http and https traffic from ASA 5520 via squid

Postby Guest » Fri Nov 26, 2010 2:00 pm

Hi Santhosh,

 

Yes, the route-map command is available on my ASA. Can I do a similar configuration on my Layer 3 switch, rather than doing this on the ASA? My L3 switch has the ipservices IOS and it supports route-map commands.

 

- Ribin

Guest
 

Re:Redirect http and https traffic from ASA 5520 via squid

Postby Guest » Fri Nov 26, 2010 2:11 pm

Hi Ribin

 

Yes, you can use a route-map on your switch (but the switch needs to be the gateway for your network). I am using a route-map on my Cisco 3750 series switch with Squid which is acting as gateway for my network... Let me know if you have any issues.

 

Cheers!!!

Guest
 

Re:Redirect http and https traffic from ASA 5520 via squid

Postby Guest » Fri Nov 26, 2010 3:50 pm

I will give it a try today and let you know....

 

- Ribin

Guest
 

Re:Redirect http and https traffic from ASA 5520 via squid

Postby Guest » Fri Nov 26, 2010 4:28 pm

Hey Santhosh,

 

Just a final review before I try this. My scenario is like below:

 

Users (in 192.168.40.0/24 n/w) ------- Layer 3 with VLANs 40 and 30 (default g/w of all traffic is 192.168.30.1 which is the ASA's inside IP) ------------ (192.168.30.8) ASA -------- Internet.

 

Users and the proxy server (192.168.40.201) are in the same VLAN 40. Where do I need to apply the policy map? I hope it is on VLAN 40 on my Layer 3 switch, right?

 

- Ribin

Guest
 
