01-07-2005 03:54 PM - edited 02-20-2020 11:51 PM
I would like to redirect my port 80 traffic from my inside interface to the dmz interface.
I have a PIX 515E and three interfaces - inside (private net), outside (pub net Internet) and dmz1 (which has a squid proxy).
What I want is when a user makes a web request (opens his/her browser) the request is redirected to the squid proxy on the dmz.
I know that one can use a layer 4 switch to do this. Can I use my PIX to redirect traffic/ports etc.? If you would like more info please ask.
01-08-2005 12:44 AM
Hi simpdou,
If the proxy is intended for internet browsing, you can definitely configure the PIX to allow connections from inside to DMZ. You can configure statics and put access-lists to allow your inside network to access the proxy server on the desired port. You have to do the following:
1) configure static or nonats between inside network and DMZ network.
2) configure access-lists on dmz (& inside) to allow communication between the inside network & proxy
3) do a nat for the proxy to access internet.
If your scenario is doing caching for specific subnets based on the destination port, I think the PIX won't do redirection for such requests. You should have an L4 switch and do port redirection.
Hope this helps. Rate replies if found useful.
Raj
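The three steps above written out as PIX 6.x commands; this is an added example, not configuration from any poster in the thread. Assumed values: inside network 192.168.1.0/24 (constructed), proxy at 10.240.240.2 (the address quoted later in the thread), Squid listening on TCP 3128, and the ACL name inside_in.

```cisco
: --- Step 1: identity static so inside hosts reach the DMZ untranslated ---
: (192.168.1.0/24 is a constructed inside network)
static (inside,dmz1) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

: --- Step 2: access-list on the inside interface ---
: Permit clients to reach the proxy on its listening port (3128 assumed).
access-list inside_in permit tcp 192.168.1.0 255.255.255.0 host 10.240.240.2 eq 3128
: Deny direct web traffic so browsers cannot bypass the proxy.
: An access-list only permits or denies; it does not change where a
: packet is sent, so browsers must be configured to use the proxy.
access-list inside_in deny tcp 192.168.1.0 255.255.255.0 any eq www
: Once an ACL is bound to the interface, everything not permitted is
: dropped by the implicit deny, so add permits for other allowed traffic
: (DNS, mail, and so on) above this point.
access-group inside_in in interface inside

: No ACL is needed on dmz1 for the replies: return traffic for an
: established connection is allowed statefully. If an ACL is already
: bound to dmz1, it must permit the proxy's outbound tcp/80 and tcp/443.

: --- Step 3: translate the proxy so it can reach the Internet ---
nat (dmz1) 1 10.240.240.2 255.255.255.255
global (outside) 1 interface
```

With this in place, a syslog deny for an inside host on port 80 towards the outside interface indicates a browser that is still going direct instead of using the proxy.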
01-11-2005 11:49 AM
I cannot figure out the "access-list / access-group" part. I want to redirect port 80 on the inside interface. I would think it would be something like "access-list acl_name permit any www host 10.240.240.2"
"access-group acl_name in interface inside"
However, when I do this or a variation of redirecting port 80 from inside to dmz, the syslog shows that port 80 is trying the outside interface and being denied.
Do I have the right idea?