
Can I achieve transparent proxy with 2911?

sendalot7
Level 1

Currently, all the Windows/Linux/Mac servers and machines behind our dept 2911 have a proxy set up individually (in browsers, etc.).

With all the complaints about having to customize each machine, I did some research.

Then I learned about "transparent proxy".

http://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117940-qa-wsa-00.html

http://www.techrepublic.com/article/save-money-by-running-a-proxy-server-with-the-cisco-ios/

https://networklessons.com/network-services/cisco-wccp-squid-transparent-proxy/

Two questions:

(1) So you can run web-squid on a router and on a Linux box?

(2) Can we achieve that with the 2911 (with PBR), or do we need a WSA and a server to act as an L4 switch?

Goal: I don't want end clients to have any more config besides the default gw.

Thanks

3 Replies

Philip D'Ath
VIP Alumni

If you are using squid, then you will be wanting to use wccp.

http://www.crypt.gen.nz/papers/cisco_squid_wccp.html

Thank you and http is running per below:

s#show adjacency tunnel 0 detail
Protocol Interface Address
IP Tunnel0 10.4.1.12(3)
connectionid 1
16 packets, 1376 bytes
epoch 0
sourced in sev-epoch 35
Encap length 28
4500000000000000FF2F0545AC1BFF5E
0A04010C0000883E00000000
Tun endpt
Next chain element:
IP adj out of GigabitEthernet0/2.10, addr 10.4.1.12

But now how do I put https through it as well? 

Guides say I need to create a CA and do all that SSL proxying. But I don't need to decrypt or intercept. Can I somehow put 443 behind 80?

Thanks a lot!

Philip D'Ath
VIP Alumni

You could also consider using WPAD if you have an internal HTTP server and internal DNS.

https://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol
