Routing through Web Filter

scott.kenley · ‎07-15-2008

I need to be able to route the traffic coming from both remote sites, across the PtP and VPN connections, through the web filter. Browser proxy settings will not be used. It needs to be done at the 1841 router. I'm not looking for a complete solution, just point me in the right direction.

Network layout.

http://www.georgetownky.gov/diagram.jpg

tdrais · ‎07-15-2008

I am assuming your traffic is going to go back out the same port the VPN comes in on ?

Option 1

Use WCCP if your web filter supports it. This makes it somewhat simpler to configure because most the configuration is done on the web proxy and it pushes rules to the router.

Option 2

Use policy based routing on both input interfaces and match any traffic that would go to the internet and set the next hop to be the web proxy. The only hard part is to get the access list to match only traffic that you want the web proxy to handle and let the rest go directly to the internet or to your internal network. All depends on how big your internal network is and the number of protocols you are going to proxy.

autobot130 · ‎07-16-2008

Looks like you will need to use WCCP which establishes a GRE tunnel from the router to the web filter device and proxy any traffic matching your WCCP ACL.

scott.kenley · ‎07-17-2008

Actually option 2 provided by tdaris looks like it is going to work. Had busy day yesterday so I haven't fully tested it yet. It appears I'm going to have to have something on the inside of the filter to use as the next hop though. It appears that the traffic is just bouncing off the filters interface and going right back out rather than passing through and being filtered. I did a traceroute so I know it's going to the filter. I've got something I'm going to try today that may resolve this issue.

Thanks for your help guys.