[Guide] How to redirect http traffic from Cisco 3750/ASA 5520 to Squid Proxy Server


My scenario is as follows.

Network Details -
My Cisco ASA - 172.16.1.1
Cisco Switch 3750 (interface which is facing to ASA) - 172.16.1.2
Cisco Switch 3750 Vlan2 IP - 10.10.10.1
Internal Network - 10.10.10.1/24

The Vlan2 IP (10.10.10.1) is my network gateway, and I am going to redirect all port 80 (HTTP) traffic to my Squid server.
Here we go!!!!

1. Install and configure your Squid proxy server. I am going to cover the Squid installation steps in the next post.
2. Configure Squid in transparent mode so that there is no need to manually specify the proxy server IP for each user.
http_port 3128 transparent
3. Log in to the Cisco gateway. My network gateway is a Cisco 3750. The same process below applies to the Cisco ASA.
4. For policy-based routing (PBR), the routing SDM template must be enabled on your Cisco 3750 switch if it is not already. In some cases you need to update your IOS to the latest release.
Switch# config t
Switch(config)# sdm prefer routing
Switch(config)# end

5. After enabling the SDM template, save the switch configuration and reload the switch to apply the setting.
Switch# wr
Switch# reload
6. Now create an access list to redirect HTTP (port 80) traffic to the Squid proxy server:
access-list 111 deny tcp any any neq www
access-list 111 deny tcp host SQUID-PROXY-IP any
access-list 111 permit tcp any any

7. Now create the route map:
route-map proxy-redirect permit 100
 match ip address 111
 set ip next-hop SQUID-PROXY-IP

8. Now apply the route map to the switch interface Vlan2 (i.e. the gateway of your network):
Switch(config)# interface Vlan2
Switch(config-if)# ip policy route-map proxy-redirect

9. To check whether the gateway is redirecting port 80 traffic, run the command below:

Switch# sh route-map
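
To see which flows steps 6 to 8 actually send to Squid, the following added example (not part of the original guide and not Cisco code) models the first-match logic of access-list 111 as used by route-map proxy-redirect. The address 10.10.10.50 is a constructed stand-in for SQUID-PROXY-IP, and the sample flows are constructed.

```python
from ipaddress import ip_address

# Constructed stand-in for the SQUID-PROXY-IP placeholder used in the guide.
SQUID_IP = ip_address("10.10.10.50")

# ACL 111 in order: (action, protocol, source host or None for "any", port test)
ACL_111 = [
    ("deny", "tcp", None, lambda dport: dport != 80),    # any any neq www
    ("deny", "tcp", SQUID_IP, lambda dport: True),       # host SQUID-PROXY-IP any
    ("permit", "tcp", None, lambda dport: True),         # any any
]

def acl_action(proto, src, dport):
    """Return the action of the first matching entry; no match is an implicit deny."""
    for action, ace_proto, ace_src, port_matches in ACL_111:
        if proto == ace_proto and ace_src in (None, src) and port_matches(dport):
            return action
    return "deny"

def next_hop(proto, src, dport):
    """Model 'route-map proxy-redirect permit 100' applied to Vlan2.

    A 'permit' from ACL 111 means the packet is policy-routed to Squid.
    A 'deny' means PBR is skipped and the routing table is used (no drop).
    """
    if acl_action(proto, ip_address(src), dport) == "permit":
        return str(SQUID_IP)
    return "routing-table"

if __name__ == "__main__":
    # Constructed sample flows entering Vlan2.
    flows = [
        ("tcp", "10.10.10.25", 80),    # client HTTP
        ("tcp", "10.10.10.25", 443),   # client HTTPS
        ("tcp", "10.10.10.50", 80),    # Squid fetching from the origin server
        ("udp", "10.10.10.25", 53),    # DNS, not TCP
    ]
    for proto, src, dport in flows:
        print(f"{proto:3} {src:12} dport={dport:<4} -> {next_hop(proto, src, dport)}")
```

The second ACL entry is what keeps Squid's own outbound port 80 requests from being routed back to itself, and HTTPS is left untouched because only destination port 80 survives the first entry.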