WSA and Cisco Policy Based Routing

I'm looking to convert my WSA from explicit to transparent proxy using policy based routing on a Cisco router. See the config below where xxx.xxx.xxx.xxx is the P1 interface on the WSA. Does anyone see any issues with the following in a production environment?

!
access-list 110 permit tcp any any eq www
!
route-map proxy-redirect permit 10
 match ip address 110
 set ip next-hop xxx.xxx.xxx.xxx
!
interface ethernet0/1
 ip policy route-map proxy-redirect
!

The P1 interface on the WSA is located upstream from the router so I'm not checking for it in the ACL.

1 Reply

Jason_ironport
Level 1

That router configuration looks good to me, but just make sure that the WSA was configured for Transparent mode during the initial System Setup Wizard configuration. If it was initially configured for explicit only, then you will need to run the wizard again to change it to transparent.

Also, make sure to add a deny statement to the top of access-list 110 for the WSA IP address if the WSA will be going out to the Internet through the same e0/1 interface. Loops are bad. :twisted:

Cheers,
Jason
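
The loop-avoidance deny described in the reply above, written out as an added example that is not part of either post. It assumes an IOS release that supports sequence-numbered ACL entries and that the existing permit holds the default sequence number 10; xxx.xxx.xxx.xxx is the same WSA P1 placeholder used in the thread.

```cisco
! Added example, not from the original thread.
! Assumption: the IOS release supports sequence-numbered ACL editing and the
! existing "permit tcp any any eq www" sits at the default sequence number 10.
!
! Sequence 5 is evaluated before sequence 10, so HTTP requests sourced from
! the WSA itself fail the route-map match and follow the normal routing table
! instead of being policy-routed back to the WSA.
ip access-list extended 110
 5 deny tcp host xxx.xxx.xxx.xxx any eq www
!
! Resulting ACL 110 (first match wins):
!   5  deny   tcp host xxx.xxx.xxx.xxx any eq www
!   10 permit tcp any any eq www
!
! Route-map and interface binding unchanged from the question:
route-map proxy-redirect permit 10
 match ip address 110
 set ip next-hop xxx.xxx.xxx.xxx
!
interface ethernet0/1
 ip policy route-map proxy-redirect
!
```

`show access-lists 110` confirms the entry order, and `show route-map proxy-redirect` shows the policy-routing match counters for the redirected traffic.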