Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

cisco forward internet to other gateway.

Status
Not open for further replies.
karmic

karmic

Technical User
Jul 20, 2001
973
CA
I have a couple of companies that are running a PIX 501E side by side with a linux based internet filter. There are some limitations in this setup. Currently there are 2 gateways, the cisco and the linux.

I need to know how to utilize the cisco for the primary gateway and forward all internet traffic from the cisco to the linux proxy.

I know it can be done, just having a hard time finding it.

Thanks :)

~ K.I.S.S - Don't make it any more complex than it has to be ~
 
Sort by date Sort by votes
If your Linux box is already a proxy server then your users would just have to have the proxy enabled in their browser for to route out that machine. This would be a simpler way of doing things without having to do a route-map.
 
Upvote 0 Downvote
If its pix501 we are talking about the ios commands will not work. I assume that the cisco gateway is the pix501, or?
 
Upvote 0 Downvote
Sorry peeps, it's a PIX 506 we're talking about.

The proxy is going to be transparent, nothing to log into.

If the IOS commands won't work, what will? Can it be done with the PIX?


~ K.I.S.S - Don't make it any more complex than it has to be ~
 
Upvote 0 Downvote
Can you explain a little bit more how you would like your design to look like!

Do you want to use the linux as a webfilter? Or do you want to reroute all traffic thru the linux? Reroute on the same segment will not work.
 
Upvote 0 Downvote
Basically i'm looking to have the pix 506 as the primary gateway for all traffice EXCEPT basic internet. I want ports 80, 53, 443 and a couple of others routed to the linux filter so internet access can be monitored and blocked etc.

So, pix gateway of 192.168.1.1 and linux gateway of 192.168.1.2, both have separate internet ip's, both accessable from the internal network.

Or is there a better way?

~ K.I.S.S - Don't make it any more complex than it has to be ~
 
Upvote 0 Downvote
I am sorry to say but that will not work with the pix506 for different reasons. The only way to solve this is if your linux box works the same way as websense. In that case the pix will ask the linuxbox but still route the traffic.


 
Upvote 0 Downvote
Thanks, figured that would be the answer. Just wanted to make sure of it.

~ K.I.S.S - Don't make it any more complex than it has to be ~
 
Upvote 0 Downvote
You could set your linux box inline so all traffic has to go through the linux box (either internal or external to the pix.) You have to make sure that your software has that capability. It would have the load of monitoring all the traffic but it might get you where you want.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
323
Sameer258
Sameer258
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
284
XLNTech1
XLNTech1
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
336
Johnkite
Johnkite
MottoK
  • Locked
  • Question
Cisco ISE blank GUI
Replies
0
Views
278
MottoK
MottoK
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
339
intel233
intel233

Part and Inventory Search

Sponsor

Back
Top