I need Help in Cisco [7:31875]
I have one Cisco 3640 i need to send all my trafic www to one linux box, in this linux box i have Proxy squid, but i don4t know how make this. Somebody know how make this? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31875&t=31875 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
I need Help in Cisco [7:31875]
Hi all, someone can help me? i try to pass all my trafic from cisco across squid in Linux the configuration is, In my squid proxy i have this http_port 80 icp_port 3130 httpd_accel virtual 80 httpd_accel_with_proxy on On the cisco I did: route-map proxy-redirect permit 10 match ip address 110 set ip next-hop 208.206.76.44 access-list 110 deny tcp host 208.206.76.44 any eq www access-list 110 allow tcp any any eq www int e0 ip policy route-map proxy-redirect but when i write in the cisco sh route-map, cisco show me the follow cisco#sh route-map route-map proxy-redirect, permit, sequence 10 Match clauses: ip address (access-lists): 110 Set clauses: ip next-hop 208.206.76.44 Policy routing matches: 145918 packets, 12186643 bytes cisco#sh route-map route-map proxy-redirect, permit, sequence 10 Match clauses: ip address (access-lists): 110 Set clauses: ip next-hop 208.206.76.44 Policy routing matches: 146700 packets, 12254407 bytes cisco#sh route-map route-map proxy-redirect, permit, sequence 10 Match clauses: ip address (access-lists): 110 Set clauses: ip next-hop 208.206.76.44 Policy routing matches: 147153 packets, 12302917 bytes But when my network try to connect to anything site i see that the machine in my network not resolve the ip address and don4t present the web page of the site that i try to acces. what can i do to solve this problem? - Original Message - From: "c1sc0k1d" To: Sent: Monday, January 14, 2002 10:56 AM Subject: Re: I need Help in Cisco [7:31875] > With the limited description you gave I'd say you probably want policy > routing. > > The k1d > > > > ""Ing. Milton Amador Z."" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I have one Cisco 3640 i need to send all my trafic www to one linux box, > in > > this linux box i have Proxy squid, but i don4t know how make this. > > > > Somebody know how make this? > > > > > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32847&t=31875 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I need Help in Cisco [7:31875]
With the limited description you gave I'd say you probably want policy routing. The k1d ""Ing. Milton Amador Z."" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have one Cisco 3640 i need to send all my trafic www to one linux box, in > this linux box i have Proxy squid, but i don4t know how make this. > > Somebody know how make this? > > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31878&t=31875 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: I need Help in Cisco [7:31875]
One suggestion is to use two route-map's, one to permit traffic to pass straight through the cache and one with the "set ip next-hop" feature. This second route map will match an access-list configured to capture web traffic, something like the following should do it: Fastethernet 1/0 ip policy route-map proxy-redirect out route-map proxy-redirect permit 10 match ip address 101 route-map proxy-redirect permit 10 match ip address 110 set ip next-hop abc.abc.abc.abc[IP ADDRESS OF SQUID SERVER] access-list 101 remark STRAIGHT THROUGH TRAFFIC access-list 101 permit tcp xxx.xxx.xxx.xxx 0.0.0.255 any any[RANGE OF SOURCE TRAFFIC TO GO THROUGH] access-list 110 remark TRAFFIC TO BE REDIRECTED TO WEB-CACHE access-list 110 permit tcp xxx.xxx.xxx.xxx 0.0.0.255 any eq web [RANGE OF SOURCE TRAFFIC TO BE REDIRECTED] Place all networks to be cached in list 110 and any you don't want to be cached in list 101. For example if you wanted to ensure that the entire 192.168.100.0 network is cached except for host 192.168.0.254 then do the following: access-list 101 permit tcp host 192.168.0.1 any access-list 110 permit tcp 192.168.100.0 0.0.0.255 any eq web Remember to put your Squid (proxy) server in the exceptions list otherwise it'll never work! Hope this helps... Cheers, Scott Riley CCNP CCDA MCSE (NT4) Senior Network Engineer Firstnet Services Ltd W: http://www.firstnet.net.uk [This message subject to: http://www.firstnet.net.uk/disclaimer.html] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ing. Milton Amador Z. Sent: Monday, 14 January 2002 16:41 To: [EMAIL PROTECTED] Subject: I need Help in Cisco [7:31875] I have one Cisco 3640 i need to send all my trafic www to one linux box, in this linux box i have Proxy squid, but i don4t know how make this. Somebody know how make this? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31882&t=31875 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I need Help in Cisco [7:31875]
Have your web browsers proxy config point to your squid box. you dont really need to setup anything on the router. ""Ing. Milton Amador Z."" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have one Cisco 3640 i need to send all my trafic www to one linux box, in > this linux box i have Proxy squid, but i don4t know how make this. > > Somebody know how make this? > > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31910&t=31875 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I need Help in Cisco [7:31875]
I don't even think I understand the question Where does the 3640 come into play? -Patrick >>> "NetEng" 01/14/02 04:17PM >>> Have your web browsers proxy config point to your squid box. you dont really need to setup anything on the router. ""Ing. Milton Amador Z."" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have one Cisco 3640 i need to send all my trafic www to one linux box, in > this linux box i have Proxy squid, but i don4t know how make this. > > Somebody know how make this? > > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31912&t=31875 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I need Help in Cisco [7:31875]
Then your users might try to bypass the proxy by changing it themselves. Don't under estimate them. ""NetEng"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Have your web browsers proxy config point to your squid box. you dont really > need to setup anything on the router. > > ""Ing. Milton Amador Z."" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I have one Cisco 3640 i need to send all my trafic www to one linux box, > in > > this linux box i have Proxy squid, but i don4t know how make this. > > > > Somebody know how make this? > > > > > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31950&t=31875 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I need Help in Cisco [7:31875]
How far you go depends on how much trouble you want to go to. You can lock out changes to the proxy configuration, you can create an access list on the route to only take port 80 traffic from the proxy server, you can program the workstations to explode... just kidding. :-) Ken >>> "c1sc0k1d" 01/14/02 09:53PM >>> Then your users might try to bypass the proxy by changing it themselves. Don't under estimate them. ""NetEng"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Have your web browsers proxy config point to your squid box. you dont really > need to setup anything on the router. > > ""Ing. Milton Amador Z."" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I have one Cisco 3640 i need to send all my trafic www to one linux box, > in > > this linux box i have Proxy squid, but i don4t know how make this. > > > > Somebody know how make this? > > > > > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31956&t=31875 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I need Help in Cisco [7:31875]
Hi scott this is my situation. I have Squid working answering requests on 3128 very good or in the 8080, or 80 anything port. I wanted to force all users to use the Squid, via our Access Server Cisco 3640, which is a basic setup, just taking stuff from the ethernet and throwing it at the serial port, nothing fancy going on on the cisco: for example. Our squid: 200.30.50.5 On the squid I did: http_port 80 icp_port 3130 httpd_accel virtual 80 httpd_accel_with_proxy on On the cisco I did: route-map proxy-redirect permit 10 match ip address 110 set ip next-hop 200.30.50.5 access-list 110 deny tcp host 200.30.50.5 any eq www access-list 110 allow tcp any any eq www int e0 ip policy route-map proxy-redirect what you say about this. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32381&t=31875 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]