need help with redirecting port 80 traffic

Discussion in 'Cisco' started by essenz, Mar 27, 2009.

  1. essenz

    essenz Guest

    I've been working on this for awhile now, but have had no progress. I
    have a small regional Wifi network, the field units (private IP) all
    talk to a Cisco 7301 where I use ip nat to get them to go out the
    7301's public wan interface.

    There is a company that I want to work with who can provide web
    content filtering, as well as access control. So they have a server at
    their location that I need to forward or redirect all my outbound port
    80 traffic to. This server at their location for argument's sake is
    listening on public IP 5.6.7.9 tcp port 21453.

    The company has supported configs for PIX/ASA, but not for Cisco
    Layer3 switches or routers.

    I've looked at nat, ssg, wccp, and can't really find anything that does
    this. My 7301 is running the latest 12.4 IOS Adv Enterprise Edition.

    In addition to my ip nat inside and ip nat outside on the two
    interfaces, I have:

    ip nat inside source list OutboundNat interface FastEthernet1/1 overload

    Where Fe1/1 is my WAN link, and OutboundNat matches the private IPs to
    nat.

    Is there a way on the 7301 to easily forward all outbound port 80
    traffic to 5.6.7.9 port 21453? The followup to this is all other
    traffic (not port 80), should go out to the internet as normal.

    Now I also have a 3750 Switch much higher in the network topology that
    actually hands off the traffic to my ISP, so I could also do something
    at that layer as well, especially if the 7301 load is too much. Right
    now with my current NAT, the 7301's are at 8% cpu load.

    Thanks
    John
    essenz, Mar 27, 2009
    #1

  2. essenz

    essenz Guest

    Wow... I stumped the group! I'm at my wit's end with this. The company
    that provides the filtering has admitted that they have never gotten
    this to work on a non-ASA or non-PIX device.

    They gave me some configs on how to do a dnat, but it still doesn't
    work because the dnat syntax can only redirect a specific IP port 80
    to my external IP port 21453, but I need to match ALL IPs on port 80.

    I also looked at route-maps, but if I go that route, I can't change the
    port?!
    essenz, Mar 31, 2009
    #2

  3. essenz

    John Agosta Guest


    Perhaps you could use PBR to direct port 80 traffic towards another
    interface, and upstream from that (new) interface perform your NAT task?
    John Agosta, Mar 31, 2009
    #3
  4. essenz

    bod43 Guest

    On 31 Mar, 15:53, "John Agosta" <> wrote:
    > Perhaps you could use PBR to direct port 80 traffic towards another
    > interface, and upstream from that (new) interface perform your NAT task?


    To the OP -

    Why don't you post details of the provider and the pix
    configurations that are supposed to work? The knowledge
    and understanding required to magically interpret your
    request (if indeed there is sufficient information to
    unambiguously interpret it at all) is very substantial.

    I suppose that there may be some ip nat outside source
    statement that might do the job but that would depend on the
    http containing sufficient information for the 'proxy' to
    send the packets on to the correct destination.

    WCCP was designed for this - have you asked the provider
    if they support WCCP?
    bod43, Apr 1, 2009
    #4
  5. essenz

    alexd Guest

    essenz wrote:

    > Wow... I stumped the group! I'm at my wits ends with this. The company
    > that provides the filtering has admitted that they have never gotten
    > this to work on a non-ASA or non-PIX device.


    Do you absolutely have to do this on your Cisco kit? If not, try doing it
    with iptables:

    http://tldp.org/HOWTO/TransparentProxy-6.html

    --
    <http://ale.cx/> (AIM:troffasky) ()
    19:44:48 up 117 days, 20:56, 2 users, load average: 0.08, 0.10, 0.05
    Sexy ladies, and nasty boys, all freaky freakin', to the robot noise
    alexd, Apr 1, 2009
    #5
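
The iptables approach suggested in post #5, as an added example that is not part of the thread or the linked HOWTO: a script that emits an `iptables-restore` ruleset for a Linux box placed in-path, rewriting only client tcp/80 to the filter at 5.6.7.9:21453 from post #1. The interface names (eth1 client side, eth0 WAN side) and the 10.0.0.0/8 client range are assumptions; as post #4 points out, the original destination address is lost after the rewrite, so the filter has to find the real site from the HTTP request itself.

```shell
#!/bin/sh
# Added example: build a NAT ruleset that sends all client HTTP to a remote
# filtering proxy and leaves every other flow on its normal path.
# Assumed names (not from the thread): eth1/eth0 and the 10.0.0.0/8 range.

# Accept only a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_ruleset LAN_IF WAN_IF LAN_NET FILTER_IP FILTER_PORT
# Prints the ruleset on stdout; returns non-zero on a bad port.
gen_ruleset() {
    lan_if=$1 wan_if=$2 lan_net=$3 filter_ip=$4 filter_port=$5
    valid_port "$filter_port" || { echo "bad port: $filter_port" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite the destination of every client HTTP connection to the filter.
# Only tcp/80 matches, so all other traffic is forwarded unchanged.
-A PREROUTING -i $lan_if -s $lan_net -p tcp --dport 80 -j DNAT --to-destination $filter_ip:$filter_port
# Source-NAT what leaves the WAN side, like the router's overload NAT.
-A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for the values given in post #1 (nothing is applied).
gen_ruleset eth1 eth0 10.0.0.0/8 5.6.7.9 21453
```

Pipe the output to `iptables-restore --test` to parse it without committing; the box also needs `net.ipv4.ip_forward=1` to route the clients' traffic. Loading it for real without `--noflush` replaces the existing nat table.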
  6. essenz

    unsleepable

    Hi,

    Can you please post these proposed configurations? I would appreciate it for another project and from there we could also figure out the correct configuration for a router.

    Thanks!
    unsleepable, Jun 7, 2010
    #6
