Hi,
My client is using Cisco ISG. Setup is as described below.
1. Client makes a request through browser for xyz.com.
2. Through routing, the request reaches the ISG.
3. The ISG is configured to redirect port 80 and 443 requests to a Squid proxy server (running with iptables to support transparent proxying).
4. Squid serves the request.
The problem we are facing is described below.
------------------------------------------------------------------
Observation
If a user makes a request for http://www.wikipedia.org then the client request header should look like:
src: client_IP:random_port
dst: wikipedia.org(ip_address):http
http request: http_request details. (host,url,etc..)
and squid should get the packet like that.
But the Cisco ISG is in between, and it seems to be changing the client request header to:
src: client_IP:random_port
dst: squid_IP:http
http request: http_request details. (host,url,etc..)
and eventually Squid returns TCP_MISS/503 (Service not Available), since the web resources requested by the client are not on the Squid server.
The scenario described above is quite evident in the access.log entries.
===========
local=*10.58.200.33:80 remote=10.210.83.249:*3375 FD 10 flags=33: accepted
===========
And pcap logs
===========
"178","30.278035","10.210.83.247","10.58.200.33","TCP","68","1378→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1360 WS=256 SACK_PERM=1"
"179","30.278094","10.58.200.33","10.210.83.247","TCP","68","80→1378 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"
"181","30.314009","10.210.83.247","10.58.200.33","TCP","62","1378→80 [ACK] Seq=1 Ack=1 Win=17408 Len=0"
===========
Questions:
1. Does Cisco ISG change the destination IP of the packet?
2. If it changes the IP, then how will the next hop understand where to send the packet?
3. Any suggestions?
Thanks & Regards,
Jaykbvt
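
An added example, not part of the original post: a check over a Wireshark CSV export like the one quoted above that reports whether client SYNs reach the proxy already addressed to the proxy's own IP or still addressed to the origin server. The function name, the `PROXY_IP` constant and the third sample row (constructed, using the documentation address 198.51.100.10) are assumptions.

```python
import csv
import io
import re

PROXY_IP = "10.58.200.33"  # Squid host address as seen in the post's capture

# Rows 178 and 179 are from the post's capture; row 900 is constructed
# (198.51.100.10 is a documentation address standing in for an origin server).
SAMPLE = '''"178","30.278035","10.210.83.247","10.58.200.33","TCP","68","1378→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1360 WS=256 SACK_PERM=1"
"179","30.278094","10.58.200.33","10.210.83.247","TCP","68","80→1378 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"
"900","41.000000","10.210.83.247","198.51.100.10","TCP","68","1400→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1360"
'''

# Info column starts with "sport→dport" (or "sport -> dport" in ASCII exports).
FLOW_RE = re.compile(r"^\s*(\d+)\s*(?:→|->)\s*(\d+)")


def classify_syns(csv_text, proxy_ip=PROXY_IP, ports=(80, 443)):
    """Return (frame_no, client, dst, verdict) for each client SYN to a web port.

    verdict is "rewritten" when the SYN is already addressed to the proxy
    (the original destination was replaced before the packet arrived), or
    "preserved" when it still carries the origin server's address.
    """
    results = []
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 7 or row[4] != "TCP":
            continue
        no, _time, src, dst, _proto, _length, info = row[:7]
        # Only the client's opening SYN matters; "[SYN, ACK]" does not match.
        if "[SYN]" not in info:
            continue
        match = FLOW_RE.match(info)
        if not match or int(match.group(2)) not in ports:
            continue
        verdict = "rewritten" if dst == proxy_ip else "preserved"
        results.append((no, src, dst, verdict))
    return results


if __name__ == "__main__":
    for no, src, dst, verdict in classify_syns(SAMPLE):
        print(f"frame {no}: {src} -> {dst}: destination {verdict}")
```

In Squid's interception mode the original destination is looked up in the NAT table of the host Squid runs on, so a "rewritten" verdict in a capture taken on the Squid host means that address was already replaced upstream.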