PBR for transparent proxy

[gmail2]

Hi All

Our branch offices have a combination of Juniper firewalls and Cisco layer 3 switches (either one or the other depending on types of WAN connections etc). I want to use policy based routing to route all HTTP & HTTPS traffic to a proxy server in our DC to effectively create a transparent proxy server rather than using client settings.

PBR on Juniper allows me to specify source & destination IP's as well as source and destination ports. Likewise, it allows me to "route" the traffic to a non-adjacent device ... ie, our proxy server across the WAN.

However, from reading the link below, it appears that on IOS, I can only use source & destination IP as the criteria, and I can only route to an adjacent device, similar to normal destination routing.

http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcpolicy.html

Can anybody advise me if IOS can provide the same granulatiry in it's PBR as Juniper can ? It seems pretty pointless having policy based routing based only on source and destination

Thanks in advance !

Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau

 

[VinceWhirlwind]

On the 3750, it should look something like:

sdm prefer routing
access-list 101 permit tcp any any eq www
route-map

http://wwwsurfers

permit 10
match ip address 101
set ip next-hop 10.1.1.1
Int f1/0/1
ip policy route-map

http://wwwsurfers

Pretty sure you need IPservices running on your switch, too.

 

[gmail2]

Thanks for the reply VinceWhirlwind ... I don't know why I didn't figure out that I could add port number to the access list

What about the routing to non-adjacent devices (such as proxy server in our data center). Is this not possible ? Unfortunately the routers closest to the proxy servers don't support PBR

Any suggestions at all ?

thanks again

Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau