09-19-2012 02:11 PM - edited 03-07-2019 08:58 AM
I need some ACL help with a Proxy product. I am using an 1841 ISR and need to configure all proxy traffic to go through the Proxy server and not bypass it if a user unchecks the proxy in IE.
The Proxy software says this in manual:
You can configure your firewall to deny all http (port 80) outbound requests except for ones coming from the IP(s) address of your proxy server(s).
How it works: The firewall will deny all Web browsing requests except ones coming from the proxy server. This will ensure that all users browsing the Web have to go through your proxy server.
Our Proxy server is 10.1.1.13
Our NAT is using ACL 104
Currently I have this configured for ACL 104:
access-list 104 permit ip host 10.1.1.13 any
Question is:
How do I configure our firewall to deny all http (port 80) outbound requests except for ones coming from the IP(s) address of your proxy server at 10.1.1.13?
Thanks for help!
09-19-2012 02:17 PM
If this is really all you need to do, you should be able to use the following:
access-list 104 permit tcp host 10.1.1.13 any eq 80
access-list 104 deny tcp any any eq 80
access-list 104 permit ip any any
If your private side address is on fa0/1, you need to apply this inbound:
int fa0/1
ip access-group 104 in
HTH,
John
09-19-2012 04:05 PM
This is the access list you need to apply on the LAN interface:
access-list 104 permit tcp host 10.1.4.13 any eq 80
access-list 104 permit tcp host 10.1.4.13 any eq 443
access-list 104 deny tcp any any eq 80
access-list 104 deny tcp any any eq 443
access-list 104 permit ip any any
int fa0/0
ip access-group 104 in
Check for the configuration in NAT:
ip nat inside source list 1 interface (outgoing interface) overload
access-list 1 permit 10.1.4.13
Try this
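Added example, not part of the original thread: a small first-match evaluator run over the ACL 104 lines from the first reply, to check which flows the list permits before it is applied to the LAN interface. The client address 10.1.1.50 and destination 203.0.113.10 are constructed sample values; the third sample flow shows that direct HTTPS from a client still matches `permit ip any any`, which is the gap the port 443 lines in the second reply address.

```python
import ipaddress

# ACL 104 as posted in the first reply (Cisco extended ACL, first match wins).
ACL_104 = """
access-list 104 permit tcp host 10.1.1.13 any eq 80
access-list 104 deny tcp any any eq 80
access-list 104 permit ip any any
"""

def parse_addr(tok, i):
    """Parse 'any' or 'host A.B.C.D' at tok[i]; return (network, next_index)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    raise ValueError("unsupported address form: " + tok[i])

def parse_acl(text):
    """Turn 'access-list N action proto src dst [eq port]' lines into rule tuples."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, proto = tok[2], tok[3]
        src, i = parse_addr(tok, 4)
        dst, i = parse_addr(tok, i)
        port = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src_ip, dst_ip, dport):
    """Return the first matching rule's action; every IOS ACL ends in an implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue  # 'ip' matches any protocol, otherwise protocols must agree
        if src not in r_src or dst not in r_dst:
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"

if __name__ == "__main__":
    rules = parse_acl(ACL_104)
    # Constructed flows: the proxy, a client browsing directly, a client using HTTPS directly.
    for src, port in [("10.1.1.13", 80), ("10.1.1.50", 80), ("10.1.1.50", 443)]:
        print(src, port, evaluate(rules, "tcp", src, "203.0.113.10", port))
```

Reversing the first two ACL lines makes the proxy itself hit the deny, so the evaluator is also a quick way to check entry order.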