
Integration of Proxy Server to the LAN

noxkrugger
Level 1

I have my proxy server in the LAN. The proxy caches all of the HTTP sessions inbound and outbound of the LAN. In the LAN, users must enter the proxy setting in the browser to be able to surf the internet (HTTP port 80).

My questions:

1) How should the Cisco 2821 router (ISR: all firewall, NAT and IGW) be set up to cater for the proxy server in the LAN? What are the rules to be injected into the configuration so that users will only go through the PROXY server and then go through the router?


Fraser Reid
Level 1

Sounds like you may have a design problem... Is your proxy behind the router? Should that be the "default gateway" for all public IP addresses?

x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-

As long as all users have the proxy in their Internet Config, be it IE7 or Mozilla/Firefox, then they will have to use the proxy to surf the net.

Yup, the proxy is behind the router. My default gateway is the 2821 router. I just want to configure it so that all users must go through the proxy first before reaching the router.

And users cannot access the internet without configuring the proxy server in their browser.

Please advise

Edison Ortiz
Hall of Fame

You can create an ACL in the router to block all http traffic with the exception of the proxy server.

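```
ip access-list extended PROXY
 ! Web traffic sourced from the proxy itself is allowed out
 permit tcp host [proxy-server-ip] any eq 80
 permit tcp host [proxy-server-ip] any eq 443
 ! Direct web traffic from every other LAN host is dropped
 ! (IOS ACL entries take a wildcard mask here, e.g. 0.0.0.255 for a /24)
 deny tcp [LAN-subnet] [LAN-subnet mask] any eq 80
 deny tcp [LAN-subnet] [LAN-subnet mask] any eq 443
 ! Everything else passes unchanged
 permit ip any any
!
! Interface facing the LAN
interface fx/x
 ip access-group PROXY in
```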

Thanks EdisonOrtiz,

but if we block the incoming traffic from LAN-subnet for ports 80 & 443, the sessions that have been originated from LAN-subnet will be blocked (source IP), am I right?

So, how will the router recognize a session that originated from LAN-subnet through proxy-server-ip?

Can you explain more?

> but if we block the incoming traffic from LAN-subnet for ports 80 & 443, the sessions that have been originated from LAN-subnet will be blocked (source IP), am I right?

Yes

> So, how will the router recognize a session that originated from LAN-subnet through proxy-server-ip?

Notice, there is a permit for the proxy server IP address in the ACL.

Thank you EdisonOrtiz. Right now I can create a rule for my LAN outbound via the web proxy server.
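
Added example, not part of the original thread: a small first-match evaluator that walks the PROXY ACL from the answer above and shows why the proxy's own sessions pass while direct client sessions are dropped, and why the entry order matters. The addresses (192.168.1.10 for the proxy, 192.168.1.0/24 for the LAN, 192.168.1.57 for a client) are constructed sample values, and `build_acl` and `evaluate` are hypothetical helper names.

```python
import ipaddress

# Constructed sample addressing (assumptions, not values from the thread).
PROXY = "192.168.1.10"
LAN = "192.168.1.0/24"

def build_acl(proxy, lan):
    """The thread's PROXY ACL as (action, protocol, source network, dest port)."""
    host = ipaddress.ip_network(proxy + "/32")
    net = ipaddress.ip_network(lan)
    return [
        ("permit", "tcp", host, 80),
        ("permit", "tcp", host, 443),
        ("deny", "tcp", net, 80),
        ("deny", "tcp", net, 443),
        ("permit", "ip", ipaddress.ip_network("0.0.0.0/0"), None),
    ]

def evaluate(acl, proto, src, dport):
    """Return (action, entry number); evaluation stops at the first match."""
    addr = ipaddress.ip_address(src)
    for n, (action, rproto, net, rport) in enumerate(acl, start=1):
        if rproto not in ("ip", proto):
            continue  # protocol does not match this entry
        if addr not in net:
            continue  # source address does not match this entry
        if rport is not None and rport != dport:
            continue  # destination port does not match this entry
        return action, n
    return "deny", 0  # implicit "deny ip any any" that ends every ACL

ACL = build_acl(PROXY, LAN)

if __name__ == "__main__":
    samples = [
        ("tcp", PROXY, 80),            # proxy fetching a page
        ("tcp", PROXY, 443),
        ("tcp", "192.168.1.57", 80),   # client without proxy settings
        ("tcp", "192.168.1.57", 443),
        ("udp", "192.168.1.57", 53),   # non-web traffic from a client
    ]
    for proto, src, dport in samples:
        action, entry = evaluate(ACL, proto, src, dport)
        print(f"{proto} {src} -> any:{dport}: {action} (entry {entry})")
    # Same entries with the two denies moved to the top: the proxy sits inside
    # the LAN subnet, so it would now hit a deny before reaching its permit.
    reordered = ACL[2:4] + ACL[:2] + ACL[4:]
    print("proxy with denies first:", evaluate(reordered, "tcp", PROXY, 80))
```

Client-to-proxy sessions stay inside the LAN and never cross the router interface, so the ACL only ever sees the proxy's own outbound connections and any direct attempts from clients.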