
1841 ACL help with Cyblock Proxy

david.santel
Level 1

I need some ACL help with a proxy product. I am using an 1841 ISR and need to configure all proxy traffic to go through the proxy server and not bypass it if a user unchecks the proxy in IE.

The Proxy software says this in manual:

You can configure your firewall to deny all http (port 80) outbound requests except for ones coming from the IP(s)
address of your proxy server(s).

How it works: The firewall will deny all Web browsing requests except ones coming from the proxy server. This
will ensure that all users browsing the Web have to go through your proxy server.

Our Proxy server is 10.1.1.13

Our NAT is using ACL 104

Currently I have this configured for ACL 104:

access-list 104 permit ip host 10.1.1.13 any

Question is:

How do I configure our firewall to deny all http (port 80) outbound requests except for ones coming from the IP(s)
address of your proxy server at 10.1.1.13?

Thanks for help!

2 Replies

John Blakley
VIP Alumni

If this is really all you need to do, you should be able to use the following:

access-list 104 permit tcp host 10.1.1.13 any eq 80

access-list 104 deny tcp any any eq 80

access-list 104 permit ip any any

If your private side address is on fa0/1, you need to apply this inbound:

int fa0/1

ip access-group 104 in

HTH,

John


This is the access list you need to apply on the LAN interface:

access-list 104 permit tcp host 10.1.4.13 any eq 80

access-list 104 permit tcp host 10.1.4.13 any eq 443

access-list 104 deny tcp any any eq 80

access-list 104 deny tcp any any eq 443

access-list 104 permit ip any any

int fa0/0

ip access-group 104 in

Check for the configuration in NAT:

ip nat inside source list 1 interface (outgoing interface) overload

access-list 1 permit 10.1.4.13

Try this
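
An added example, not code from any of the posters: a small first-match evaluator for the extended ACL entries posted in the two replies, to check which outbound flows each list permits on ports 80 and 443. Both lists are written with the proxy address 10.1.1.13 from the question; the client address 10.1.1.50 and destination 203.0.113.10 are constructed sample values.

```python
import ipaddress

# Extended ACL entries in the form used in this thread (constructed from the
# replies, using the proxy address 10.1.1.13 given in the question).
ACL_HTTP_ONLY = """\
access-list 104 permit tcp host 10.1.1.13 any eq 80
access-list 104 deny tcp any any eq 80
access-list 104 permit ip any any
"""
ACL_HTTP_HTTPS = """\
access-list 104 permit tcp host 10.1.1.13 any eq 80
access-list 104 permit tcp host 10.1.1.13 any eq 443
access-list 104 deny tcp any any eq 80
access-list 104 deny tcp any any eq 443
access-list 104 permit ip any any
"""

def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from the token list; return a network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError("unsupported address form: " + word)

def parse(acl_text):
    """Parse the subset of extended-ACL syntax that appears in the thread."""
    rules = []
    for line in acl_text.splitlines():
        t = line.split()
        action, proto, rest = t[2], t[3], t[4:]
        src, dst = _addr(rest), _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src_ip, dst_ip, dst_port):
    """First matching entry wins; an ACL ends with an implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto in ("ip", proto) and src in r_src and dst in r_dst and r_port in (None, dst_port):
            return action
    return "deny"

if __name__ == "__main__":
    for port in (80, 443):  # constructed flow: client 10.1.1.50 going direct
        flow = ("tcp", "10.1.1.50", "203.0.113.10", port)
        print(port, evaluate(parse(ACL_HTTP_ONLY), *flow), evaluate(parse(ACL_HTTP_HTTPS), *flow))
```
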
