Beginner

Can I achieve transparent proxy with 2911?

Currently, all the Windows/Linux/Mac servers/machines behind our dept 2911 have a proxy set up individually (in browsers, etc.).

With all the complaints about having to customize each machine, I did some research.

Then I learned about "transparent proxy".

http://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117940-qa-wsa-00.html

http://www.techrepublic.com/article/save-money-by-running-a-proxy-server-with-the-cisco-ios/

https://networklessons.com/network-services/cisco-wccp-squid-transparent-proxy/

Two questions:

(1) So you can run web-squid on router and on a linux box? 

(2) Can we achieve that with the 2911 (with PBR), or do we need a WSA and a server to act as an L4 switch?

Goal: I don't want end-clients to have any more configs besides the default gw.

Thanks

3 REPLIES
VIP Advisor

If you are using Squid, then you will be wanting to use WCCP.

http://www.crypt.gen.nz/papers/cisco_squid_wccp.html

Beginner

Thank you, and HTTP is running per below:

s#show adjacency tunnel 0 detail
Protocol Interface Address
IP Tunnel0 10.4.1.12(3)
connectionid 1
16 packets, 1376 bytes
epoch 0
sourced in sev-epoch 35
Encap length 28
4500000000000000FF2F0545AC1BFF5E
0A04010C0000883E00000000
Tun endpt
Next chain element:
IP adj out of GigabitEthernet0/2.10, addr 10.4.1.12

But now how do I put HTTPS through it as well?

Guides say I need to create a CA and do all that SSL proxying. But I don't need to decrypt or intercept. Can I somehow put 443 behind 80?

Thanks a lot!
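
Added example (not part of the original posts): the 28-byte Encap string in the `show adjacency` output above is an IPv4 header, a GRE header and a 4-byte WCCP redirect header, and decoding it confirms which host the router is tunnelling redirected traffic to. The function and field names below are illustrative.

```python
import ipaddress
import struct

# Encap string copied from the "show adjacency tunnel 0 detail" output in the post.
ENCAP_HEX = "4500000000000000FF2F0545AC1BFF5E" "0A04010C0000883E00000000"

GRE_IP_PROTO = 47        # IP protocol number for GRE
WCCP_GRE_TYPE = 0x883E   # GRE protocol type used for WCCPv2 redirection


def ip_checksum_ok(header: bytes) -> bool:
    """Ones'-complement sum over the header (checksum field included) folds to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode_wccp_encap(hex_string: str) -> dict:
    """Split a router encap template into IPv4, GRE and trailing redirect-header fields."""
    raw = bytes.fromhex(hex_string)
    if len(raw) < 20:
        raise ValueError("too short for an IPv4 header")
    ver_ihl, _tos, _len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl + 4:
        raise ValueError("truncated before the GRE header")
    gre_flags, gre_type = struct.unpack("!HH", raw[ihl:ihl + 4])
    return {
        "length": len(raw),                     # should equal "Encap length"
        "ttl": ttl,
        "ip_proto": proto,
        "src": str(ipaddress.IPv4Address(src)),  # router end of the tunnel
        "dst": str(ipaddress.IPv4Address(dst)),  # cache (Squid) end of the tunnel
        "checksum_ok": ip_checksum_ok(raw[:ihl]),
        "gre_flags": gre_flags,                  # 0 means no optional GRE fields
        "gre_type": gre_type,
        "is_wccp_gre": proto == GRE_IP_PROTO and gre_type == WCCP_GRE_TYPE,
        "redirect_header": raw[ihl + 4:].hex(),  # bytes after the basic GRE header
    }


if __name__ == "__main__":
    for key, value in decode_wccp_encap(ENCAP_HEX).items():
        print(f"{key:16} {value}")
```

The decoded destination matches the adjacency address 10.4.1.12, so any host other than the intended cache appearing there would mean redirected client traffic is being tunnelled somewhere unexpected.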

VIP Advisor

You could also consider using WPAD if you have an internal HTTP server and internal DNS.

https://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol
