Redirect http and https traffic from ASA 5520 via squid

Guest

Re:Redirect http and https traffic from ASA 5520 via squid

Post by Guest » Fri Nov 26, 2010 1:58 pm

Hey Ribin,

Use a route-map to route port 80 (Internet) traffic to the Squid proxy server. You also need to configure iptables on Squid accordingly (in the case of a transparent proxy). Use the configuration below on your Cisco ASA (i.e. on your gateway). Check whether the route-map command is available on your ASA.

    ! create access list for port 80 traffic
    ! a "deny" in the route-map ACL means "do not policy-route" (normal routing), not "drop"
    access-list 111 deny   tcp any any neq www
    ! 192.168.100.1 - squid proxy; its own traffic must not be sent back to itself
    access-list 111 deny   tcp host 192.168.100.1 any
    ! what is left is port 80 traffic from everyone else
    access-list 111 permit tcp any any
    !
    route-map proxy-redirect permit 100
     match ip address 111
     ! forward all port 80 traffic to squid - 192.168.100.1
     set ip next-hop 192.168.100.1

Cheers!!

Guest

Re:Redirect http and https traffic from ASA 5520 via squid

Post by Guest » Fri Nov 26, 2010 3:00 pm

Hi Santhosh,

Yes, the route-map command is available in my ASA. Can I do a similar configuration on my Layer 3 switch, rather than doing this in the ASA? My L3 switch has the IP Services IOS and supports route-map commands.

- Ribin

Guest

Re:Redirect http and https traffic from ASA 5520 via squid

Post by Guest » Fri Nov 26, 2010 3:11 pm

Hi Ribin,

Yes, you can use a route-map on your switch (but the switch needs to be the gateway for your network). I am using a route-map on my Cisco 3750 series switch with Squid, which is acting as the gateway for my network... Let me know if you have any issues.

Cheers!!!

Guest

Re:Redirect http and https traffic from ASA 5520 via squid

Post by Guest » Fri Nov 26, 2010 4:50 pm

I will give it a try today and let you know....

- Ribin

Guest

Re:Redirect http and https traffic from ASA 5520 via squid

Post by Guest » Fri Nov 26, 2010 5:28 pm

Hey Santhosh,

Just a final review before I try this. My scenario is as below:

    Users (in the 192.168.40.0/24 network) ------- Layer 3 switch with VLANs 40 and 30 (the default gateway of all traffic is 192.168.30.1, which is the ASA's inside IP) ------------ (192.168.30.8) ASA -------- Internet

Users and the proxy server (192.168.40.201) are in the same VLAN 40. Where do I need to apply the policy map? I hope it is on VLAN 40 in my Layer 3 switch, right?

- Ribin
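Putting the thread's pieces together, as an added example that is not from any of the posts: the ACL and route-map of the first reply, written in IOS syntax and applied on the Layer 3 switch in the topology of the last post. Policy-based routing is evaluated on the interface where packets enter the router, so it belongs on the VLAN 40 SVI. Note that `neq www` in the ACL and `ip policy route-map` are IOS commands; the ASA did not gain policy-based routing until ASA software 9.4(1), and before that its route-map command existed only for route redistribution, which is one more reason the switch is the workable place for this. The SVI address, the ACL name and the route-map sequence number are assumptions; the proxy address 192.168.40.201 and the subnet are from the thread. This version is narrower than the posted `any any` ACL: it only policy-routes port 80 from the user subnet.

```cisco
! Added example (not from the thread): IOS policy-based routing on the
! Layer 3 switch that is the gateway for VLAN 40. Assumes an IOS image
! with PBR support (e.g. IP Services); the SVI address 192.168.40.1 and
! the ACL name are assumptions.
!
! The ACL selects what gets policy-routed. A "deny" entry means "do not
! policy-route this" (the packet follows the normal routing table); it
! does not drop anything.
ip access-list extended PROXY-REDIRECT
 remark The proxy lives in VLAN 40 too: its own outbound web traffic also
 remark enters through Vlan40 and must NOT be sent back to itself (loop)
 deny   tcp host 192.168.40.201 any
 remark Only plain HTTP from the user subnet goes to Squid
 permit tcp 192.168.40.0 0.0.0.255 any eq www
 remark Everything else, HTTPS/443 included, follows the default route
 remark to the ASA (implicit deny at the end of the ACL)
!
route-map proxy-redirect permit 10
 match ip address PROXY-REDIRECT
 set ip next-hop 192.168.40.201
!
! PBR is applied on the ingress interface, i.e. where user packets enter
! the switch: the VLAN 40 SVI, not the uplink towards the ASA.
interface Vlan40
 ip address 192.168.40.1 255.255.255.0
 ip policy route-map proxy-redirect
```

Two caveats a practitioner will want. First, only port 80 is redirected here; HTTPS is not matched by the ACL and goes straight to the ASA, so the "https" half of the thread title is not covered by this configuration. Second, on a Catalyst 3750 PBR requires the routing SDM template (`sdm prefer routing`, then a reload), otherwise the `ip policy` command is refused. To check that the policy is actually matching, `show route-map proxy-redirect` reports the policy routing match counter, and `debug ip policy` shows per-packet decisions on a quiet box. On the Squid host, the iptables step mentioned in the first reply is a NAT PREROUTING rule that redirects destination port 80 to Squid's listening port (for example `REDIRECT --to-ports 3128`), with that `http_port` marked for interception (`transparent` in Squid 2.x, `intercept` in 3.1 and later).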
