Proxy Server

George Thomas · ‎06-24-2009

Hello All,

I have a 6500 and an ASA installed. I need to proxy http traffic to a 3rd party Web filter before it hits the ASA. How do i accomplish this? Do i use WCCP? If so, what version?

Thanks,

G

Please rate useful posts.

Giuseppe Larosa · ‎06-24-2009

Hello George,

you can use WCCP2 for this if supported on that 3party device.

WCCP any version implies a communication between web cache(s) and router(s)

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/wccp.html

if this is not your case you can use PBR.

Hope to help

Giuseppe

George Thomas · ‎06-25-2009

Hi Giuseppe,

Thanks a lot for the response. The 3rd party device is a Web filter that doesnt support WCCP. I think I will have to fo the PBR route. Where do I have to set the route-map policy? Is it on the firewall VLAN interface or on all VLAN's where I have clients connected?

Thanks a lot for your help.

G

Please rate useful posts.

Giuseppe Larosa · ‎06-25-2009

Hello George,

PBR has to be applied inbound so you need it on the internal interfaces where traffic originated by clients is received.

The web filter/cache has to be reachable through a separate L3 interface

Hope to help

Giuseppe

George Thomas · ‎06-25-2009

Hi Giuseppe,

If I understand this right, I will have to put the policy map on each and every VLAN and the IP address of the web filter should be on a different VLAN, correct?

Thanks,

G

Please rate useful posts.