RE: Transparent proxying

[kaptain <kaptain () kaptain com>]

WCCP is more elegant.  It doesn't force default routes and it uses health
checks with proxies that support it.  If the proxy goes down, the router
will bypass the proxy and go directly to the origin server.

-K

On Thu, 12 Feb 2004, Yachera, Stanley wrote:

> I believe you are trying to do the following:
>
> !inside interface on router
> interface Ethernet 0/0
>  ip policy route-map forced-proxy
>
> !proxy
> access-list 101 deny tcp host x.x.x.x any eq 80
> !client network
> access-list 101 permit tcp y.y.y.y any eq 80
>
> !map
> route-map forced-proxy permit 10
>  match ip address 101
>  set ip next-hop x.x.x.x
>
> Where x.x.x.x = proxy and y.y.y.y= local network or pertinent hosts.
>
> 260xx series routers, quite affordable now a days..
> As long as your users default route is this machine, and your default route
> on the proxy
> is your IA gear, all is well.
>
> S. Yachera
> http://www.bitbucketit.com
>
>
> -----Original Message-----
> From: firewall-wizards-admin () honor icsalabs com
> [mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of jm
> Sent: Wednesday, February 11, 2004 10:55 PM
> To: firewall-wizards () honor icsalabs com
> Subject: [fw-wiz] Transparent proxying
>
>
>
> Hello everybody,
>
> I'm trying to enable transparent proxying from a router or from a L3/4
> switch and after a day spent on Cisco, Extreme Networks and other Enterasys
> website I'm still completely clueless as to whether I need a $1,000 or a
> $15,000 box. Since obviously I would prefer the former, I'm relying on your
> advices.
>
> I have a proxy server processing some HTTP and some other stuff: mostly I
> want to receive packets based on IP and/or on port. I'd like a router/switch
> device that can transparently route packets to my proxy server. I have three
> different locations to provide, one with about 1,000 users, the other with
> 3,000 and the last one with over 8,000 seats. I cannot touch the existing
> infrastructure (i.e. reconfigure the existing Cisco boxes already in place)
> but I can insert my router/switch in-line on the LAN side of the firewall.
>
> In addition I need the router/switch to be remotely configurable from my
> proxy server. And finally I need some equipment which from a brand which is
> known enough that it won't raise too much eyebrows when installed in-line
> (i.e. Linux is out of the picture, Cisco would be ideal if the price is
> correct).
>
> So what do I need? A router? An L3 switch? An L4 gizmo? Which price range?
> Your help would be much appreciated.
>
> Thanks,
>
> jm
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards