Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
Hey Ribin,

Use route-map to route port 80 (internet) traffic to the Squid Proxy Server. Also you need to configure IPtables on Squid accordingly (in case of transparent proxy). Use the below configuration on your Cisco ASA (i.e. on your gateway). Check whether the route-map command is available on your ASA.

access-list 111 deny tcp any any neq www          (create access list for port 80 traffic)
access-list 111 deny tcp host 192.168.100.1 any   (192.168.100.1 - squid proxy)
access-list 111 permit tcp any any
route-map proxy-redirect permit 100
 match ip address 111
 set ip next-hop 192.168.100.1                    (forward all port 80 traffic to squid - 192.168.100.1)

Cheers!!
Hi Santhosh,

Yes, the route-map command is available on my ASA. Can I do a similar configuration on my Layer 3 switch rather than doing this on the ASA? My L3 switch has the ipservices IOS and it supports route-map commands.

- Ribin
Hi Ribin,

Yes, you can use route-map on your switch (but the switch needs to be the gateway for your network). I am using a route map on my Cisco 3750 series switch with Squid, which is acting as the gateway for my network... Let me know if you have any issues.

Cheers!!!
I will give it a try today and let you know....

- Ribin
Hey Santhosh,

Just a final review before I try this. My scenario is as below:

Users (in 192.168.40.0/24 n/w) ------- Layer 3 switch with VLANs 40 and 30 (default g/w of all traffic is 192.168.30.1, which is the ASA's inside IP) ------------ (192.168.30.8) ASA -------- Internet.

Users and the proxy server (192.168.40.201) are in the same VLAN 40. Where do I need to apply the policy map? I hope it is on VLAN 40 in my Layer 3 switch, right?

- Ribin
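For reference, here is what the complete policy-based-routing configuration looks like on a Cisco IOS Layer 3 switch for the scenario described in this thread. This is an added example, not configuration posted by either participant. It reuses the thread's ACL number (111), route-map name (proxy-redirect) and proxy address (192.168.40.201); the SVI address 192.168.40.1 and the 192.168.0.0/16 internal range are assumptions for illustration. Policy routing is applied on the ingress interface, which for users in VLAN 40 is the Vlan40 SVI.

```cisco
! Added example (not from the thread). Assumes Vlan40 SVI 192.168.40.1 is the
! users' default gateway and the Squid host is 192.168.40.201.
ip routing
!
! Port 80 redirect ACL: a "deny" here means "route normally", a "permit" means
! "policy-route to the proxy".
access-list 111 remark --- anything that is not port 80 is routed normally
access-list 111 deny   tcp any any neq www
access-list 111 remark --- never redirect the proxy's own outbound requests (avoids a loop)
access-list 111 deny   tcp host 192.168.40.201 any
access-list 111 remark --- leave internal web servers alone (assumed internal range)
access-list 111 deny   tcp any 192.168.0.0 0.0.255.255
access-list 111 remark --- everything else on port 80 goes to Squid
access-list 111 permit tcp any any eq www
!
route-map proxy-redirect permit 100
 match ip address 111
 set ip next-hop 192.168.40.201
!
! Apply on the interface where user traffic enters the switch.
interface Vlan40
 ip address 192.168.40.1 255.255.255.0
 ip policy route-map proxy-redirect
```

Checks worth doing after applying it: `show route-map proxy-redirect` reports policy-match counters, which should increase when a VLAN 40 host browses; the Squid access log should then show those requests, and requests originating from 192.168.40.201 itself must not appear a second time (that is what the host deny line guarantees). On the Squid side the transparent-proxy piece is an iptables nat PREROUTING rule redirecting TCP port 80 to Squid's listening port, with Squid's `http_port` configured for interception. Two caveats for the 3750 mentioned above: PBR requires `sdm prefer routing` (followed by a reload) before `ip policy` is accepted, and PBR only redirects traffic; it does not stop a user from reaching the internet on other ports, so if the proxy is meant to be enforced, the ASA's outbound rules should still permit port 80 only from the proxy address.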