Firewall Wizards mailing list archives
RE: Transparent proxying
From: kaptain <kaptain () kaptain com>
Date: Thu, 12 Feb 2004 23:52:03 +0000 (GMT)
WCCP is more elegant. It doesn't force default routes and it uses health checks with proxies that support it. If the proxy goes down, the router will bypass the proxy and go directly to the origin server.

-K

On Thu, 12 Feb 2004, Yachera, Stanley wrote:

I believe you are trying to do the following:

! inside interface on router
interface Ethernet 0/0
 ip policy route-map forced-proxy
! proxy
access-list 101 deny tcp host x.x.x.x any eq 80
! client network
access-list 101 permit tcp y.y.y.y any eq 80
! map
route-map forced-proxy permit 10
 match ip address 101
 set ip next-hop x.x.x.x

Where x.x.x.x = proxy and y.y.y.y = local network or pertinent hosts.

260xx series routers, quite affordable nowadays.

As long as your users' default route is this machine, and your default route on the proxy is your IA gear, all is well.

S. Yachera
http://www.bitbucketit.com

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of jm
Sent: Wednesday, February 11, 2004 10:55 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Transparent proxying

Hello everybody,

I'm trying to enable transparent proxying from a router or from a L3/4 switch and after a day spent on Cisco, Extreme Networks and other Enterasys websites I'm still completely clueless as to whether I need a $1,000 or a $15,000 box. Since obviously I would prefer the former, I'm relying on your advice.

I have a proxy server processing some HTTP and some other stuff: mostly I want to receive packets based on IP and/or on port. I'd like a router/switch device that can transparently route packets to my proxy server. I have three different locations to provide, one with about 1,000 users, the other with 3,000 and the last one with over 8,000 seats.

I cannot touch the existing infrastructure (i.e. reconfigure the existing Cisco boxes already in place) but I can insert my router/switch in-line on the LAN side of the firewall. In addition I need the router/switch to be remotely configurable from my proxy server. And finally I need some equipment from a brand which is known enough that it won't raise too many eyebrows when installed in-line (i.e. Linux is out of the picture, Cisco would be ideal if the price is correct).

So what do I need? A router? An L3 switch? An L4 gizmo? Which price range? Your help would be much appreciated.

Thanks,
jm

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
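The two redirection approaches discussed in this thread, side by side, as an added example that is not part of the original messages. It reuses ACL 101, the route-map name, the interface and the x.x.x.x / y.y.y.y placeholders from the quoted configuration; the `verify-availability` line and the `ip wccp` lines are additions, and the proxy is assumed to support WCCP and register with the router.

```cisco-ios
! Added example. x.x.x.x = proxy, y.y.y.y = client network (placeholders
! carried over from the quoted message, not literal addresses).
!
! ACL 101 is first-match: the proxy's own port-80 traffic is denied
! (not redirected) so its fetches to origin servers do not loop back to it.
access-list 101 deny   tcp host x.x.x.x any eq 80
access-list 101 permit tcp y.y.y.y any eq 80
!
! --- Option A: policy routing, as quoted -------------------------------
! With only "set ip next-hop", the router keeps sending matched traffic
! to x.x.x.x even when the proxy process or host is dead: web access
! fails closed for every client matched by ACL 101.
route-map forced-proxy permit 10
 match ip address 101
 set ip next-hop x.x.x.x
 ! Liveness check for the next hop. It relies on CDP, so it only helps
 ! when the next hop is a CDP neighbor, which a proxy server usually
 ! is not.
 set ip next-hop verify-availability
!
interface Ethernet 0/0
 ip policy route-map forced-proxy
!
! --- Option B: WCCP, as suggested in the reply ---------------------------
! Use instead of Option A (remove "ip policy route-map" from the
! interface). The router redirects only while a registered cache is
! answering keepalives; with no live cache, packets are routed normally
! toward the origin server.
ip wccp web-cache redirect-list 101
!
interface Ethernet 0/0
 ip wccp web-cache redirect in
!
! Check cache registration and redirect counters with:
!   show ip wccp web-cache
```

The fail-open behaviour of Option B is also a policy decision: if the proxy enforces filtering or logging, a proxy outage silently removes that control, so alert on the cache dropping out of the WCCP service group.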