12-18-2019 09:17 AM
Hello!
Hope you are doing great.
I have a scenario.
I have a proxy server in the cloud: 202.32.45.264
Router Public IP Address: XX.XX.XX.XX
Router Next Hop (Gateway): ZZ.ZZ.ZZ.ZZZ
Router LAN IP Address: LL.LLL.LLL.LL
I want to route all traffic from the router to the proxy server IP address, i.e. 202.32.45.264
I have the following static routes configured on the router. Can someone please check if I am configuring it right?
ip route 202.32.45.264 255.255.255.255 ZZ.ZZ.ZZ.ZZZ (I am defining static route to the proxy server via next hop)
ip route 0.0.0.0 0.0.0.0 202.32.45.264 (Now I am defining default route to proxy server)
Need suggestions, guys. Thank you.
12-19-2019 04:28 AM
As others have commented, your routing logic is ok - as far as it goes. But it will not accomplish what you want. If we look at what is happening from the routing perspective it would go something like this:
- some PC in your network wants to access some server in the internet, let us say its Public IP address is P.P.P.P. So the PC builds an IP packet with the PC address as the source and P.P.P.P as the destination. The PC sends the IP packet to its gateway, which is your router.
- your router looks at the destination address (P.P.P.P) and determines that the next hop is its gateway of ZZ.ZZ.ZZ.ZZZ. The router also determines that sending the packet to its gateway needs to do address translation. So it translates the source address from the PC address to your router Public IP. Your router then forwards the packet to its gateway.
- the provider router (at ZZ.ZZ.ZZ.ZZZ) looks at the destination address (P.P.P.P) and makes its own forwarding decision, which will not be to forward the packet to your proxy server.
It looks to me like to effectively use that proxy server you either need some agent inside your network that will examine the traffic and alter the destination address to be the proxy address, or you need some type of processing that will effectively tunnel that traffic from your router to your proxy server.
HTH
Rick
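The hop-by-hop walk-through in the answer above, as an added simulation that is not part of the original thread. The addresses are constructed stand-ins for the thread's placeholders, and the provider router's table is hypothetical; the point it shows is that the default route's next hop only selects the neighbour the packet is handed to and never rewrites the destination address.

```python
import ipaddress

# Constructed addresses (RFC 5737 ranges) standing in for the thread's placeholders.
PROXY = "203.0.113.10"       # cloud proxy server
GATEWAY = "198.51.100.1"     # ZZ.ZZ.ZZ.ZZZ, the provider next hop
ROUTER_WAN = "198.51.100.2"  # XX.XX.XX.XX, the router's public IP
SERVER = "192.0.2.80"        # P.P.P.P, some server on the internet

# Customer router: connected networks plus the two static routes from the question.
CUSTOMER = [
    ("198.51.100.0/30", "connected", "wan"),
    ("192.168.1.0/24", "connected", "lan"),
    (PROXY + "/32", GATEWAY, None),
    ("0.0.0.0/0", PROXY, None),
]
# Provider router: a hypothetical table with separate paths to proxy and server.
PROVIDER = [
    ("203.0.113.0/24", "connected", "to-proxy-cloud"),
    ("192.0.2.0/24", "connected", "to-server-net"),
    ("198.51.100.0/30", "connected", "to-customer"),
]

def lookup(table, dest):
    """Longest-prefix match: return (next_hop, interface) of the best route."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in table if addr in ipaddress.ip_network(r[0])]
    if not hits:
        raise LookupError(f"no route to {dest}")
    best = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return best[1], best[2]

def resolve(table, dest):
    """Follow next hops recursively until one sits on a connected network."""
    hop = dest
    for _ in range(8):  # guard against routing loops
        next_hop, iface = lookup(table, hop)
        if next_hop == "connected":
            return hop, iface
        hop = next_hop
    raise RuntimeError("recursive lookup did not converge")

def forward(src, dst):
    """Trace a packet through the customer router, then the provider router."""
    neighbour, _ = resolve(CUSTOMER, dst)  # who the frame is handed to
    packet = {"src": ROUTER_WAN, "dst": dst, "inside_src": src}  # NAT: source only
    _, provider_iface = resolve(PROVIDER, packet["dst"])
    return neighbour, packet, provider_iface

if __name__ == "__main__":
    print(forward("192.168.1.50", SERVER))
```

The default route resolves through the proxy's /32 to the gateway, so the packet leaves toward the gateway still addressed to the server, and the provider forwards it on the server path rather than the proxy path.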
12-18-2019 09:40 AM
Do we need to see the high-level diagram of how you connected to this proxy server (in the cloud)?
I have previously deployed something like the Symantec cloud proxy, but they have a Local Agent Server in the network, which redirects the traffic to the cloud for analysis and processing.
This requires a bit of design and routing.
12-19-2019 03:30 AM
The Shadowsocks proxy server will be in the cloud.
Client PC >>>>>> Switch >>>>>>>> Router>>>>>>>>>>>Shadow-socks Server on Cloud
I think I am missing something here.
Internet was working fine with the configurations that I posted before. But the Client PC is not showing its public IP as the IP address of the Shadowsocks server. The Client PC is showing the router's public interface IP address as its external IP address.
12-21-2019 08:35 AM
I am glad that my explanation has been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.
HTH
Rick
12-18-2019 12:47 PM
Hello,
I just labbed this up in GNS3, and your routing seems to work fine. That said, wouldn't it be a better idea to set the proxy server in the client browsers?