07-04-2019 03:48 AM
Hi,
I am new to Cisco routers and I was trying to configure PBR on a Cisco router. I was facing a problem forwarding HTTP traffic to the cache_server. Please help me find the rules to forward the HTTP traffic.
Thanks,
Tamil
07-04-2019 03:51 AM
Hi @stamil,
Could you please post the current PBR configuration for your Router?
07-04-2019 04:09 AM - edited 07-04-2019 04:10 AM
Hi @Hector Gustavo Serrano Gutierrez,
Please take a look at my config
wan --> FastEthernet2/0
LAN --> FastEthernet 1/0
Cache_iface --> FastEthernet 2/1
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
!
interface FastEthernet1/0
 ip address 192.168.50.1 255.255.255.0
 ip policy route-map linux-proxy
 ip nat inside
 ip virtual-reassembly
 duplex half
!
!
interface FastEthernet2/0
 ip address 192.168.200.200 255.255.255.0
 ip nat outside
 ip policy route-map wan-proxy
 ip virtual-reassembly
 duplex auto
 speed auto
!
!
interface FastEthernet2/1
 ip address 192.168.56.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
!
ip nat inside source list 1 interface FastEthernet2/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.200.1
!
ip access-list extended http-traffic
 permit tcp any any eq www
ip access-list extended wan-traffic
 permit tcp any eq www any
!
access-list 1 permit 192.168.56.0 0.0.0.255
access-list 1 permit 192.168.50.0 0.0.0.255
no cdp log mismatch duplex
!
!
!
!
route-map linux-proxy permit 1
 match ip address http-traffic
 set ip next-hop 192.168.56.125
!
route-map wan-proxy permit 1
 match ip address wan-traffic
 set ip next-hop 192.168.56.125
!
!
!
This is my running configuration
07-04-2019 06:05 AM
PBR config looks correct.
What exactly isn't working?
Is traffic on port 80 hitting 192.168.156.125 at all?
07-04-2019 07:03 AM - edited 07-04-2019 07:12 AM
Hi @stamil,
I tested the configuration in VIRL. It is OK.
The Cisco Router with PBR + NAT shouldn't be the problem here.
As @Dennis Mink suggested, what do you see on that linux-proxy (192.168.156.125)? Is it actually forwarding the HTTP request traffic back to the Router?
Cheers.
07-05-2019 02:27 AM
Hi @Hector Gustavo Serrano Gutierrez,
Thanks for your reply, and I accept your point. On the cache_box side, while running Wireshark, it shows these errors
When I googled those errors, the similar answer was that there was multi-path between server and client.
Can you please help me sort out this problem? I suspect the rules are not forwarding properly.
Please provide some debug techniques to check packet flow at the router level.
07-05-2019 05:30 AM - edited 07-05-2019 05:33 AM
Hi @stamil,
Those TCP messages can be caused by many different factors, including devices beyond this Cisco Router and linux-proxy server.
What is the issue you are facing at this moment? Is it no connectivity, constant disconnections or poor performance when attempting to pass the traffic through your linux-proxy?
The PBR configuration should be forwarding all the traffic destined to TCP port 80 to that linux-proxy.
In the reverse direction, the return traffic with TCP port 80 as source is also being forwarded to that same linux-proxy.
This is just TCP port 80 traffic (HTTP). Not DNS, not HTTPS.
Moving forward, here is how you can take packet captures on the Cisco IOS Router:
Embedded Packet Capture for Cisco IOS and IOS-XE Configuration Example
Cisco IOS Configuration Example
Hope this helps.
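One way to check at the router whether policy routing is matching the HTTP traffic and handing it to the cache interface, added here as an example and not posted by anyone in the thread. It uses the route-map, ACL and interface names from the configuration above; the buffer and capture-point names PBR-BUF and CACHE-CP are made up, and Embedded Packet Capture is assumed to be available in the IOS release in use.

```cisco
! Run from privileged EXEC on the router.
! 1. Confirm the route-maps are attached to the expected interfaces.
show ip policy
! 2. "Policy routing matches" should increase while a LAN client browses
!    an HTTP site; a counter stuck at 0 means the ACL is not matching.
show route-map linux-proxy
show route-map wan-proxy
show ip access-lists http-traffic
show ip access-lists wan-traffic
! 3. The next hop should have a complete ARP entry on FastEthernet2/1;
!    an incomplete entry means the router cannot reach the cache.
show ip arp 192.168.56.125
! 4. List active translations for flows leaving through FastEthernet2/0.
show ip nat translations
! 5. Per-packet view of policy-routing decisions. Use only during a short
!    test window, debug output adds CPU load.
debug ip policy
undebug all
! 6. Embedded Packet Capture on the cache-facing interface, limited to
!    packets with destination TCP port 80 by reusing the http-traffic ACL.
monitor capture buffer PBR-BUF size 2048 max-size 1518 linear
monitor capture buffer PBR-BUF filter access-list http-traffic
monitor capture point ip cef CACHE-CP FastEthernet2/1 both
monitor capture point associate CACHE-CP PBR-BUF
monitor capture point start CACHE-CP
! ... generate HTTP traffic from a LAN client, then:
monitor capture point stop CACHE-CP
show monitor capture buffer PBR-BUF dump
! Clean up when finished.
no monitor capture point ip cef CACHE-CP FastEthernet2/1 both
no monitor capture buffer PBR-BUF
```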
07-04-2019 04:44 AM
Hi there,
Have you considered using WCCP?
cheers,
Seb.