08-12-2010 12:54 PM - edited 03-04-2019 09:24 AM
As per the attached diagram,
I have two ISPs and two core switches with 10 VLANs, and the two core switches are interconnected with cascading. In one VLAN I put the Bluecoat, and we are using a proxy.
I need to block all Internet traffic without the proxy. I mean any Internet traffic should be forwarded to the Bluecoat. For this I used a route map.
interface BVI1
 ip address 192.168.1.3 255.255.255.0 secondary
 ip access-group 110 in
 ip nat inside
 ip policy route-map LOCAL_ACCESS
 speed auto
 full-duplex
!
ip access-list extended NO_PROXY
 permit tcp any any eq www
 permit tcp any any eq 443
!
route-map LOCAL_ACCESS permit 10
 match ip address NO_PROXY
 set ip next-hop 192.168.2.8
But it's not working.
Can anyone help with this scenario?
08-12-2010 01:16 PM
Hi,
Do you have IRB between VLANs here? If so, make sure the BVI is the gateway for those VLANs, and make sure the Bluecoat has its default GW set to the 192.168.2.x subnet SVI interface.
There are two ways to redirect traffic to the proxy, either by PBR or WCCP.
Perhaps if you elaborate more, we can provide a better response.
HTH
Mohamed
08-12-2010 07:14 PM
Yes Mohammed, I tested with WCCP but we are not using WCCP. Can you explain PBR to me?
Regards
08-12-2010 03:28 PM
You show one IP address on the interface, which is a secondary address and which does not match any of the VLANs mentioned in your drawing. Perhaps you can clarify what is going on here about addressing. And perhaps clarifying would help us understand some other things as well that might be part of the problem.
I do not see any particular issues with the route map, assuming that BVI1 is the layer 3 interface where traffic from the clients comes in. It might help to know what is in access list 110 as this could easily be part of the issue. And since your BVI interface is configured as ip nat inside, there is also the possibility that your issue could be an address translation issue.
HTH
Rick
08-12-2010 06:05 PM
192.168.2.8 seems to be your Bluecoat proxy device. Is your Bluecoat device able to ping the Internet? If you are trying to access the Internet from your internal LAN, could you confirm whether you have configured proxy details on your devices, or are perhaps using a 'proxy.pac' file?
08-12-2010 07:28 PM
Yes, I have done that completely. One thing I want to know is how I can reroute traffic to the Bluecoat. I have to use PBR on the router side or the core switch, and I need one example of PBR.
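An added illustration, not part of the original thread and not Cisco or Blue Coat code: a small Python model of how the posted NO_PROXY access list and LOCAL_ACCESS route-map classify inbound packets, showing which flows are sent to 192.168.2.8 and which are routed normally without touching the proxy. The client address 192.168.1.50, the variant list NO_PROXY_EXCLUDING_PROXY and the premise that the proxy's own requests arrive on the policy-routed interface are assumptions made for the example.

```python
# Added illustration: models how IOS evaluates the thread's ACL and route-map
# (first match wins; implicit deny ends every ACL; no match = normal routing).
from ipaddress import ip_address, ip_network

PROXY = "192.168.2.8"          # next hop from the thread's route-map
ANY = ip_network("0.0.0.0/0")

# NO_PROXY exactly as posted: (action, source network, destination TCP port)
NO_PROXY = [("permit", ANY, 80), ("permit", ANY, 443)]

# Variant (assumption, not from the thread): skip the proxy's own requests first
NO_PROXY_EXCLUDING_PROXY = [
    ("deny", ip_network(PROXY + "/32"), 80),
    ("deny", ip_network(PROXY + "/32"), 443),
] + NO_PROXY

def acl_permits(acl, src, proto, dport):
    """Return True if the first matching entry is a permit (implicit deny otherwise)."""
    if proto != "tcp":
        return False            # every entry in these ACLs is a tcp entry
    for action, net, port in acl:
        if ip_address(src) in net and dport == port:
            return action == "permit"
    return False

def pbr_decision(acl, src, proto, dport):
    """Decision of 'route-map LOCAL_ACCESS permit 10' for one inbound packet."""
    if acl_permits(acl, src, proto, dport):
        return "next-hop " + PROXY
    return "normal routing"     # PBR does not drop; unmatched traffic is routed as usual

def evaluate(acl, flows):
    return {name: pbr_decision(acl, *flow) for name, flow in flows.items()}

# Constructed sample flows (the client address 192.168.1.50 is made up)
FLOWS = {
    "client http":  ("192.168.1.50", "tcp", 80),
    "client https": ("192.168.1.50", "tcp", 443),
    "client dns":   ("192.168.1.50", "udp", 53),
    "client 8080":  ("192.168.1.50", "tcp", 8080),
    "proxy http":   (PROXY, "tcp", 80),
}

if __name__ == "__main__":
    for label, acl in (("as posted", NO_PROXY), ("proxy excluded", NO_PROXY_EXCLUDING_PROXY)):
        print(label)
        for name, result in evaluate(acl, FLOWS).items():
            print(f"  {name:13} -> {result}")
```

The model covers only the route-map; access list 110 and NAT on BVI1, which the replies above raise, are evaluated separately by the router and are not represented here.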