đź”— Policy Routing web traffic on a Cisco 2501 Router
- by Brian Feeny
đź”— Outline
Here is how I have Interception proxying working for me, in an environment where my router is a Cisco 2501 running IOS 11.1.
You also need to configure the squid machine to handle the traffic it receives. See ConfigExamples/Intercept for details on configuring the rest.
đź”— Cisco Configuration
Replace SQUIDIP in the following with the IP address of your Squid host.
In IOS 11.1 the route-map command is “process switched” as opposed to the faster “fast-switched” route-map which is found in IOS 11.2 and later. Even more recent versions CEF switch for much better performance.
!
interface Ethernet0
description To Office Ethernet
ip address ROUTERIP 255.255.255.0
no ip directed-broadcast
no ip mroute-cache
ip policy route-map proxy-redir
!
access-list 110 deny tcp host SQUIDIP any eq www
access-list 110 permit tcp any any eq www
route-map proxy-redir permit 10
match ip address 110
set ip next-hop SQUIDIP
So basically from above you can see I added the “route-map” declaration, and an access-list, and then turned the route-map on under int e0 “ip policy route-map proxy-redir” The host above: SQUIDIP, is the ip number of my squid host.
đź”— Thanks
Many thanks to the following individuals and the squid-users list for helping me get redirection and interception proxying working on my Cisco/Linux box.
- Lincoln Dale
- Riccardo Vratogna
- Mark White
- HenrikNordström
⚠️ Disclaimer: Any example presented here is provided "as-is" with no support
or guarantee of suitability. If you have any further questions about
these examples please email the squid-users mailing list.
Categories: ConfigExample
Navigation: Site Search, Site Pages, Categories, 🔼 go up