transparent www proxy - port forwarding with 3660

Discussion in 'Cisco' started by Enrico Gloeckner, Nov 28, 2003.

  1. I have a 3660 Router. This Router is connected to the inside Interface
    of a pix.
    Pix:
    - internal (inside) connected to Router
    - a proxy server 217.6.x.114 netmask 255.255.255.248 in
    dmz (interface dmz)
    - outside interface, connected to internet

    The Router is default Gateway for internal network (192.160.0.0).

    I would like to forward HTTP from the internal network to the internet
    over the proxy server (in dmz). How can I forward these connections from
    the internal network (port 80) to the proxy server? The proxy doesn't
    support wcp.

    Thanks,
    Enrico
     
    Enrico Gloeckner, Nov 28, 2003
    #1

  2. In article <>,
    Enrico Gloeckner <> wrote:
    :I have a 3660 Router. This Router is connected to the inside Interface
    :of a pix.

    :I would like to forward HTTP from the internal network to the internet
    :over the proxy server (in dmz). How can I forward these connections from
    :the internal network (port 80) to the proxy server? The proxy doesn't
    :support wcp.

    You can use Policy Based Routing, provided you have 12.0(5)T or later.

    http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/prod_release_note09186a0080132a8d.html#290674


    The trick then would be getting the proxy to answer for everything.

    One hack that might work for this is to use a policy along with
    NAT, setting up "outside NAT" so that the NAT maps the -destination-
    as it traverses the router; the proxy would then only have to listen
    on a single IP address. Should work for HTTP/1.1 but would mess
    up HTTP/1.0 .

    If you can't do the above hack on the 3660 (or it is too
    inefficient) then you could do it on the PIX, provided you have
    6.3(3). The "outside NAT" part of it requires 6.2; something
    similar could be done with 'alias' before that. Doing the
    NAT selectively [only port 80], though, would require 6.3(3).

    PIX can NAT selectively starting in 6.3(3), but it cannot
    route that selectively yet (unless you get involved with OSPF.)
    The implication is that you wouldn't be able to just let the 3660
    pass everything through and do the redirection on the PIX,
    because the PIX can't direct -just- port 80 traffic to a different
    interface.
    --
    Those were borogoves and the momerathsoutgrabe completely mimsy.
     
    Walter Roberson, Nov 29, 2003
    #2
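
The reply above says the destination-NAT hack should work for HTTP/1.1 but would mess up HTTP/1.0. An added example, not part of the original thread, of why: once NAT has replaced the destination IP, the proxy can only rebuild the target URL from the Host header, which HTTP/1.1 requires and HTTP/1.0 does not. The function name and the sample requests are constructed for illustration.

```python
# Added example: recover_target() and the sample requests are constructed
# for illustration; they are not taken from the thread or from any proxy.

def recover_target(raw_request: bytes):
    """Rebuild the absolute URL of a request that reached the proxy after
    destination NAT. Returns None when the original server cannot be
    determined, because the rewritten destination IP is all that is left."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # malformed or HTTP/0.9-style request line
    _method, target, _version = parts
    # Absolute-form target (client explicitly configured for a proxy).
    if target.lower().startswith("http://"):
        return target
    hosts = [l.split(":", 1)[1].strip() for l in lines[1:]
             if l.lower().startswith("host:")]
    # Exactly one non-empty Host value is needed; duplicates are ambiguous
    # and are rejected rather than guessed at.
    if len(hosts) != 1 or not hosts[0]:
        return None
    return "http://" + hosts[0] + target

# Constructed sample requests as they would arrive after the NAT rewrite.
HTTP11 = (b"GET /index.html HTTP/1.1\r\n"
          b"Host: www.example.com\r\nConnection: close\r\n\r\n")
HTTP10 = b"GET /index.html HTTP/1.0\r\nUser-Agent: constructed\r\n\r\n"
HTTP10_WITH_HOST = b"GET /a HTTP/1.0\r\nHost: www.example.org:8080\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("HTTP/1.1", HTTP11), ("HTTP/1.0", HTTP10),
                      ("HTTP/1.0 + Host", HTTP10_WITH_HOST)]:
        print(name, "->", recover_target(req))
```

The Host value is supplied by the client, so a proxy deployed this way should apply its access policy to the reconstructed URL rather than to the rewritten destination address.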

  3. In article <>,
    Enrico Gloeckner <> wrote:
    >I have a 3660 Router. This Router is connected to the inside Interface
    >of a pix.
    >Pix:
    >- internal (inside) connected to Router
    >- a proxy server 217.6.x.114 netmask 255.255.255.248 in
    > dmz (interface dmz)
    >- outside interface, connected to internet
    >
    >The Router is default Gateway for internal network (192.160.0.0).
    >
    >I would like to forward HTTP from the internal network to the internet
    >over the proxy server (in dmz). How can I forward these connections from
    >the internal network (port 80) to the proxy server? The proxy doesn't
    >support wcp.


    Use a route-map on the 3660 to forward port 80 to the PIX/proxy.

    http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.5

    alan
     
    Alan Strassberg, Nov 29, 2003
    #3