03-28-2016 09:30 AM - edited 03-05-2019 03:39 AM
Currently, all the Windows/Linux/Mac servers/machines behind our dept 2911 have the proxy set up individually (in browsers, etc.).
With all the complaints about having to customize each machine, I did some research.
Then I learned about "transparent proxy".
http://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117940-qa-wsa-00.html
http://www.techrepublic.com/article/save-money-by-running-a-proxy-server-with-the-cisco-ios/
https://networklessons.com/network-services/cisco-wccp-squid-transparent-proxy/
Two questions:
(1) So you can run web-squid on router and on a linux box?
(2) Can we achieve that with 2911(with PBR) or need WSA and a server to act as L4 switch?
Goal: I don't want end-clients to have any more configs besides default gw.
Thanks
03-28-2016 06:45 PM
If you are using squid, then you will be wanting to use wccp.
03-28-2016 08:00 PM
Thank you and http is running per below:
s#show adjacency tunnel 0 detail
Protocol Interface Address
IP Tunnel0 10.4.1.12(3)
connectionid 1
16 packets, 1376 bytes
epoch 0
sourced in sev-epoch 35
Encap length 28
4500000000000000FF2F0545AC1BFF5E
0A04010C0000883E00000000
Tun endpt
Next chain element:
IP adj out of GigabitEthernet0/2.10, addr 10.4.1.12
But now how do I put https through it as well?
Guides say I need to create a CA and do all that SSL proxying. But I don't need to decrypt or intercept. Can I somehow put 443 behind 80?
Thanks a lot!
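The 28-byte Encap string in the output above is the header the router prepends to each redirected packet, and decoding it is a quick way to confirm the adjacency really is WCCP GRE redirection to the cache at 10.4.1.12. This is an added example, not part of the original post; it assumes the 4 bytes after the GRE header are the WCCPv2 redirect header, which the output itself does not label.

```python
import ipaddress
import struct

# Encap string copied from the "show adjacency tunnel 0 detail" output above.
ENCAP_HEX = "4500000000000000FF2F0545AC1BFF5E" "0A04010C0000883E00000000"

GRE_PROTO_WCCP = 0x883E  # GRE protocol type used for WCCPv2 redirected traffic


def ip_checksum(header: bytes) -> int:
    """One's-complement checksum over the IPv4 header, checksum field zeroed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack(f"!{len(zeroed) // 2}H", zeroed))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_encap(hex_string: str) -> dict:
    """Split the encap template into IPv4 header, GRE header and trailer."""
    raw = bytes.fromhex(hex_string)
    if len(raw) < 24:
        raise ValueError("too short for an IPv4 header plus a GRE header")
    ver_ihl, _tos, _len, _id, _frag, ttl, proto, csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl + 4:
        raise ValueError("not an IPv4 header followed by a GRE header")
    gre_flags, gre_proto = struct.unpack("!HH", raw[ihl:ihl + 4])
    return {
        "encap_len": len(raw),            # should match "Encap length 28"
        "ttl": ttl,
        "ip_proto": proto,                # 47 = GRE
        "checksum_ok": ip_checksum(raw[:ihl]) == csum,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "gre_flags": gre_flags,
        "gre_proto": gre_proto,
        "is_wccp_gre": proto == 47 and gre_proto == GRE_PROTO_WCCP,
        # Assumption: these bytes are the WCCPv2 redirect header.
        "trailer": raw[ihl + 4:].hex(),
    }


if __name__ == "__main__":
    for key, value in decode_encap(ENCAP_HEX).items():
        print(f"{key:12} {value}")
```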
03-28-2016 06:47 PM
You could also consider using WPAD if you have an internal HTTP server and internal DNS.
https://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol