Policy Routing web traffic on a Cisco 2501 Router

  • by Brian Feeny

Warning: Any example presented here is provided "as-is" with no support or guarantee of suitability. If you have any further questions about these examples please email the squid-users mailing list.

Outline

Here is how I have Interception proxying working for me, in an environment where my router is a Cisco 2501 running IOS 11.1.

You also need to configure the Squid machine to handle the traffic it receives. See ConfigExamples/Intercept for details on configuring the rest.

Cisco Configuration

  • Replace SQUIDIP in the following with the IP address of your Squid host.
  • Replace ROUTERIP in the following with the IP address of your Router.

In IOS 11.1 the route-map command is "process switched", as opposed to the faster "fast-switched" route-map found in IOS 11.2 and later. Even more recent versions use CEF switching for much better performance.

!
interface Ethernet0
 description To Office Ethernet
 ip address ROUTERIP 255.255.255.0
 no ip directed-broadcast
 no ip mroute-cache
 ip policy route-map proxy-redir
!
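! Squid's own outbound web requests must not be redirected back to Squid
access-list 110 deny   tcp host SQUIDIP any eq www
! All other web traffic (TCP port 80) is selected for redirection
access-list 110 permit tcp any any eq www
! Packets permitted by access-list 110 are forwarded to the Squid host
route-map proxy-redir permit 10
 match ip address 110
 set ip next-hop SQUIDIP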

So basically, from the above you can see that I added the "route-map" declaration and an access-list, and then turned the route-map on under int e0 with "ip policy route-map proxy-redir". The host above, SQUIDIP, is the IP number of my Squid host.
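
The following is an added example, not part of the original page or of Squid or IOS: a small Python model of how access-list 110 and route-map proxy-redir decide each packet arriving on Ethernet0, showing why the deny entry for the Squid host must come first. The address 192.0.2.10 is a constructed stand-in for SQUIDIP, and the function names are hypothetical.

```python
"""Model of ACL 110 and route-map proxy-redir for packets arriving on Ethernet0."""
from ipaddress import ip_address

SQUID_IP = "192.0.2.10"   # constructed stand-in for SQUIDIP
WWW = 80                  # the IOS keyword "www" is TCP port 80

# (action, protocol, source host or "any", destination port), in ACL order
ACL_110 = [
    ("deny", "tcp", SQUID_IP, WWW),
    ("permit", "tcp", "any", WWW),
]

def acl_permits(acl, proto, src, dport):
    """First matching entry wins; an access list ends in an implicit deny."""
    for action, a_proto, a_src, a_dport in acl:
        src_ok = a_src == "any" or ip_address(a_src) == ip_address(src)
        if a_proto == proto and src_ok and a_dport == dport:
            return action == "permit"
    return False

def next_hop(proto, src, dport, routed_hop="normal-routing"):
    """route-map proxy-redir permit 10: permitted packets go to Squid,
    everything else is forwarded by the normal routing table."""
    if acl_permits(ACL_110, proto, src, dport):
        return SQUID_IP
    return routed_hop

def audit(acl):
    """Report "loop" if Squid's own web fetches would be sent back to Squid."""
    return "loop" if acl_permits(acl, "tcp", SQUID_IP, WWW) else "ok"

if __name__ == "__main__":
    # Constructed sample packets: client HTTP, Squid's own HTTP,
    # client HTTPS, and non-TCP traffic to port 80.
    for pkt in [("tcp", "192.0.2.50", 80), ("tcp", SQUID_IP, 80),
                ("tcp", "192.0.2.50", 443), ("udp", "192.0.2.50", 80)]:
        print(pkt, "->", next_hop(*pkt))
    print("ACL as on this page:", audit(ACL_110))
    print("Without the deny entry:", audit(ACL_110[1:]))
```

Only TCP port 80 is redirected; traffic to any other port, including 443, follows the normal routing table.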

Thanks

Many thanks to the following individuals and the squid-users list for helping me get redirection and interception proxying working on my Cisco/Linux box.



ConfigExamples/Intercept/Cisco2501PolicyRoute (last edited 2009-04-03 07:24:17 by AmosJeffries)