https://community.cisco.com/t5/network-security/pix-redirect-http-ftp-traffic-to-proxy-server/m-p/451715#M532618 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Please specify where you proxy is located. On the same subnet as the clients, on a DMZ on the PIX, on the outside .. or ?</P><P></P><P>Id it is located on the inside you will have a problem, as the PIX (below version 7.0) cannot do routing on the same interface, so it will not be able to route traffic from the clients to the proxy on the same interface (subnet).</P><P></P></BODY></HTML> Tue, 04 Oct 2005 11:03:58 GMT jakob.langgaard 2005-10-04T11:03:58Z https://community.cisco.com/t5/network-security/pix-redirect-http-ftp-traffic-to-proxy-server/m-p/451713#M532616 <P>I want to redirect all http/ftp traffic through proxy server from the PIX. The proxy is 10.133.1.49 and PIX is 10.133.6.10. The default gateway for the hosts on the network is 10.133.6.10. </P><P>Is my logic sound? </P> Fri, 21 Feb 2020 08:25:53 GMT https://community.cisco.com/t5/network-security/pix-redirect-http-ftp-traffic-to-proxy-server/m-p/451713#M532616 boyd-c 2020-02-21T08:25:53Z https://community.cisco.com/t5/network-security/pix-redirect-http-ftp-traffic-to-proxy-server/m-p/451714#M532617 <HTML><HEAD></HEAD><BODY><P>that seems to be right. all you need is to have some policies so that only that proxy IP will be able to have a translation / communciation through the pix</P><P></P><P>thanks</P><P>Nadeem</P></BODY></HTML> Sun, 02 Oct 2005 23:32:37 GMT https://community.cisco.com/t5/network-security/pix-redirect-http-ftp-traffic-to-proxy-server/m-p/451714#M532617 nkhawaja 2005-10-02T23:32:37Z https://community.cisco.com/t5/network-security/pix-redirect-http-ftp-traffic-to-proxy-server/m-p/451715#M532618 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Please specify where you proxy is located. On the same subnet as the clients, on a DMZ on the PIX, on the outside .. or ?</P><P></P><P>Id it is located on the inside you will have a problem, as the PIX (below version 7.0) cannot do routing on the same interface, so it will not be able to route traffic from the clients to the proxy on the same interface (subnet).</P><P></P></BODY></HTML> Tue, 04 Oct 2005 11:03:58 GMT https://community.cisco.com/t5/network-security/pix-redirect-http-ftp-traffic-to-proxy-server/m-p/451715#M532618 jakob.langgaard 2005-10-04T11:03:58Z https://community.cisco.com/t5/network-security/pix-redirect-http-ftp-traffic-to-proxy-server/m-p/451716#M532619 <HTML><HEAD></HEAD><BODY><P>In my understanding the PIX is not able to redirect traffic to another server as a proxy server. </P><P></P><P>Please correct me if I am not right. Execption is WebSense and N2H2 Web Filtering service.</P><P></P><P>The setup should be:</P><P></P><P>1a.)Access-list line 1 that permits just the proxy server to connect with http, https and ftp.</P><P>1b.)Access-list line 2 that blocks all other traffic. </P><P></P><P>You do not rellay need that line (1b) because the PIX will do that automaticly after a permit statement.</P><P></P><P>Then configure all inside host to use your proxy server in the browser settings.</P><P></P><P>Example for proxy server in the inside network:</P><P></P><P>object-group service Proxy-TCP tcp</P><P>port-object eq 80</P><P>port-object eq 443</P><P>port-object eq 21</P><P></P><P>access-list proxy permit tcp host ProxyServerIP any object-group Proxy-TCP</P><P></P><P>access-group proxy in interface inside</P><P></P><P>Note: Object group will be more flexible if you want to configure multiple TCP ports. </P><P></P><P>sincerely</P><P>Patrick</P></BODY></HTML> Tue, 04 Oct 2005 21:33:55 GMT https://community.cisco.com/t5/network-security/pix-redirect-http-ftp-traffic-to-proxy-server/m-p/451716#M532619 Patrick Iseli 2005-10-04T21:33:55Z