PIX Internal Port Redirect

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View


I have a question that I cannot seem to get an answer for.  I have a PIX 506
that is configured as the clients network gateway.  Is there any way that I
can take traffic from the inside network and redirect that traffic to a
proxy server that is also on the inside network using the PIX?  Is this
possible?

TIA.




Re: PIX Internal Port Redirect


Kevin,


What are you plans for the Proxy?

It seems a bit strange to have a desire to use the PIX to send traffic
to a Proxy server since most people use a PIX as border device. A PIX
will not allow you to send traffic out an interface and back in, so I
don't think your wish can be accomplished. If you provide more details
I will try and help you, but your post is a bit vague.


Ken Vizena



Re: PIX Internal Port Redirect


kvizena@gmail.com wrote:
Quoted text here. Click to load it
The traditional or at least easiest to implement the proxy topology
involves more than just a firewall although the internal interface of a
new router becomes the LAN gateway. This new gateway must perform WCCP.
Cisco does this most reliably with a 2800 or 3700 router depending on
the traffic needs. The WCCP decides if the traffic is one for which it
recognizes via the configuration. You can proxy 80, 8080, ftp, h323,
etc. Linux squid does the actual proxying but its external interface is
one the external internet so you also have to have another public ip
adddress. There's much more documentation online at various places.
Commercially BlueCoat has packaged one of these ready to go.

--
"Never have so many understood so little about so much."
                              -- James Burke


Site Timeline