https://community.cisco.com/t5/network-security/pbr-and-port-redirection/m-p/1611035#M593490 <P>What does the first line of below acl does for proxy redirect? I hope&nbsp; it denies all traffic except 80 and redirects 80 traffic to proxy ip?</P><P></P><P>access-list 111 deny&nbsp;&nbsp; tcp any any neq www<BR />access-list 111 deny&nbsp;&nbsp; tcp host 192.168.40.11 any</P><P>access-list 111 permit tcp any any</P><P></P><P>192.168.40.11 is my proxy ip.</P><P></P><P><SPAN>This config works for me. But at times, we are not able to access some https sites..For eg, </SPAN><A class="jive-link-external-small" href="http://gmail.com" target="_blank">http://gmail.com</A><SPAN> redirects to </SPAN><A class="jive-link-external-small" href="https://gmail.com" target="_blank">https://gmail.com</A><SPAN>, but it doesnt work all the time.</SPAN></P><P></P><P>- Ribin</P> Mon, 11 Mar 2019 19:39:11 GMT ribin.jones 2019-03-11T19:39:11Z https://community.cisco.com/t5/network-security/pbr-and-port-redirection/m-p/1611035#M593490 <P>What does the first line of below acl does for proxy redirect? I hope&nbsp; it denies all traffic except 80 and redirects 80 traffic to proxy ip?</P><P></P><P>access-list 111 deny&nbsp;&nbsp; tcp any any neq www<BR />access-list 111 deny&nbsp;&nbsp; tcp host 192.168.40.11 any</P><P>access-list 111 permit tcp any any</P><P></P><P>192.168.40.11 is my proxy ip.</P><P></P><P><SPAN>This config works for me. But at times, we are not able to access some https sites..For eg, </SPAN><A class="jive-link-external-small" href="http://gmail.com" target="_blank">http://gmail.com</A><SPAN> redirects to </SPAN><A class="jive-link-external-small" href="https://gmail.com" target="_blank">https://gmail.com</A><SPAN>, but it doesnt work all the time.</SPAN></P><P></P><P>- Ribin</P> Mon, 11 Mar 2019 19:39:11 GMT https://community.cisco.com/t5/network-security/pbr-and-port-redirection/m-p/1611035#M593490 ribin.jones 2019-03-11T19:39:11Z https://community.cisco.com/t5/network-security/pbr-and-port-redirection/m-p/1611036#M593491 <HTML><HEAD></HEAD><BODY><P>You are right, if the ACL is applied to the proxy redirection ACL, it does mean what you posted earlier.</P><P></P><P>Basically, the acl says:</P><P>line 1: deny all TCP traffic whose port is not equal to www (port 80)</P><P>line 2: deny all TCP traffic from the proxy server</P><P>line 3: permit all TCP outbound traffic</P><P></P><P>Since line 1 already deny all TCP ports but port 80, line 3 essentially means permit TCP/80.</P><P></P><P>So in summary, redirect all TCP/80 traffic except traffic from the proxy serve itself. Everything else will not be redirected.</P></BODY></HTML> Mon, 24 Jan 2011 07:47:38 GMT https://community.cisco.com/t5/network-security/pbr-and-port-redirection/m-p/1611036#M593491 Jennifer Halim 2011-01-24T07:47:38Z