Cisco Switching/Routing :: 6509 Unable To Redirect Http Traffic

Mar 26, 2012

On a Catalyst 6509 switch I have configured wccp protocol in order to redirect the Http traffic to a Bluecoat SG8100. It was working fine until a new L3 interface implementation.Thereafter I was unable to redirect the http traffic due to an error reported from the Cat6509: [code] After some checks I supposed that the problem should be the UDP 2048 port connection between the Switch and the Bluecoat while the switch L3 port and the bluecoat are on the same Lan. A deep analysis found that the WCCP protocol seems to be as follow:

-Proxy address 10.64.28.240 to Switch Port 10.64.28.250 Here I Am
-Switch Port 10.64.28.250 to Proxy address 10.64.28.240 I See You
-Switch Port 10.66.0.251 to Proxy address 10.64.28.240 UDP 2048 packet (dropped by firewall)
 
It's strange to me that the first dialog is correctly handled by the correct Cat6509 interface while the UDP packets are flowing from another Vlan interface not configured with the WCCP and apparently not involved on the protocol.Last of all the WCCP is now disabled and unusable?

View 4 Replies


ADVERTISEMENT

Cisco Switching/Routing :: 6509 Use Policy Based Routing To Redirect Http Traffic

May 29, 2012

We have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server, where I can find the configuration example?

View 11 Replies View Related

Cisco Switching/Routing :: WCCP V2 - Unable To Redirect The HTTPS Traffic?

Jun 3, 2013

I am unable to redirect the HTTPS traffic on my cisco router with WCCP V2

View 2 Replies View Related

Cisco Switching/Routing :: HTTP Redirect Using 3750 Switch

Sep 16, 2012

I have tried search but found found anything for the 3750 switch about how to redirect HTTP, HTTPS & SMTP traffic to altenative gateway, than our standard gateway on our network, so here goes:
 
The network that need the HTTP, HTTPS and SMTP traffic redirect is 192.168.5.0/24 and should be redirect to 192.168.5.205 where as all other traffic need to be direct to 192.168.5.199.
 
Can the 3750 switch do this typo of refirect and if how?? I cannot find anything on the Cisco site stating how or even if it is possible! 

View 2 Replies View Related

Cisco Firewall :: Redirect HTTP / Ftp Traffic (ASA 5510)

Apr 25, 2011

i have the following scenario :
  
ISP1-------ASA 5510----------ISP2
                    |
                    |
                    |
                  LAN
 
i would like to use ISP2 for all http/https/ftp traffic.how could I force my ASA to set a different gateway for http/https/ftp traffic ?i have tried several solutions such as nat/pat rules, nothing seems to work.

View 7 Replies View Related

Cisco Firewall :: Redirect Http And Https Traffic From ASA 5520 Via Squid?

Dec 20, 2010

Right now, in my network there is no proxy server and all users go straight through the ASA to access internet. I would like to put a squid with dansguardian (for web filtering). Steps in getting all http and https traffic from ASA go via my squid?

View 18 Replies View Related

Cisco Firewall :: ASA5510 - Redirect HTTP Traffic To Internal Proxy?

Feb 13, 2011

I am using ASA5510 and i want to know if it is possible to redirect http traffic to an internal proxy software. I explain : PC from the LAN use a internal proxy in their IE browser but some other PC doesn't use it.They are directy connected to the Internet using the Public IP from the WAN interface ( via NAT). Can we redirected this HTTP Traffic from the WAN interface to the Proxy in the LAN ?
 
Http Traffic will be routed like that : PC ->  WAN interface -> Proxy -> WAN interface -> Internet In fact,can we create a rule saying : All http traffic which doesn"t come from the IP Proxy must be redirected toward proxy.

View 6 Replies View Related

Cisco Switching/Routing :: Can 7600 Redirect Layer 4 Traffic

Dec 6, 2012

i want to to ask about redirecting in MLS 7600 .assume the user a has an ip x.x.x.xand that user requested url...i want to to redirect his request to url...the users that have to pay the monthly bills , i want to give thim an ips  and redirect all the http requests from this to a special local webpage .is is applicable to to it on router cisco 7600 ??or is it applicable on router 7206 npeg2 ? also i have siwtch 2960g.i dont want to do it by proxy server.

View 4 Replies View Related

Cisco Switching/Routing :: 3560 Redirect Internet Traffic

Nov 24, 2011

At one of my field offices I want to redirect internet traffic down a separate DSL connection instead of having it ride the T1 back to the main office then going out.  At this office I have a 2600 router, 3560 switch, with a Fortigate firewall in between DSL connection and LAN, Fa0/0 on router and firewall are both plugged in to switch.  I have seen posts that mention PBR or static routes which is the reccomended method for dealing with this? 

View 6 Replies View Related

Cisco :: 6509 - Unable To Tenet / SSH / HTTP To WISM

Feb 26, 2013

I have issue to access one of the wism on 6509 switch however other wism is ok both wism on switch are up and functional how to enable remote access on wism.

View 13 Replies View Related

Cisco Switching/Routing :: 3750 Cannot Mark Http Traffic With DSCP

Mar 14, 2012

I am trying to mark http packets from a web server with DSCP ef, but when I am doing a traffic capture all http packets have tos 0x0.I am able to mark UDP and ICMP packets originated from this server, but not any TCP traffic.The web server is in VLAN 20This is my config mls qos ip access-list extended MARK-HTTP-ACL  permit tcp host 10.10.10.10 eq www. [code]

View 4 Replies View Related

Cisco Switching/Routing :: 6509 ACL Block TCP Traffic One Way

Jul 14, 2010

Got servers in vlan 10 ip range 10.0.0.0 and servers in vlan 20 ip range 20.0.0.0 at the same layer 3 switch. (c6509 sup720)I would like to block TCP traffic initiated from Vlan 20 to Vlan 10. But the servers in Vlan 10 needs to be able to open an TCP connections to Vlan 20 did test with the ACL thats blocking (ack/established/syn) but unable to get it to work.Or it works both directions or is works non directions.

View 4 Replies View Related

Cisco Switching/Routing :: View IP Traffic On NX7000 Like On 6509 OIS

Dec 8, 2011

I would like to have a view of ip traffic on NX7000 as I am used on 6509 OIS, running the above commands: [code] Finding something like on 7000 ?

View 2 Replies View Related

Cisco Switching/Routing :: 6509 / Unicast NLB High Traffic?

Apr 27, 2013

i recently identified all switch ports in my network on 6509 core were Transmitting Mail server Exchange traffic that was destined for Unicast NLB cluster. and it was impacting various HOST machines NIC cards/performance.After reading this article, i moved NLB CAS servers behind a dedicated cisco Switch.
 
[URL] 
 
Now My core switch can learn mac address across its trunk port where CAS servers are connected on dedicated switch. but still i can see traffic Transmitting out to my all switch ports of same VLAN ( same as NLB VLAN).

View 5 Replies View Related

Cisco Switching/Routing :: Traffic Flow Catalyst 6509 With WS-X6548-GE-TX

Nov 21, 2011

I'm receiving multicast traffic (400Mbps) on port 9/38 and sending it out on port gi9/48. I'm trying to achieve that traffic will stay within the card without using the switchfabric, 

View 2 Replies View Related

Cisco Switching/Routing :: 6509 QOS To Limit Bandwidth For Internet Traffic

Nov 5, 2012

We run a workers camp here and we currently have around 2500-3000 people using our 100MB internet pipe.  We are upgrading the pipe to 200MB soon but I still would like to limit how much bandwidth everyone is using.
 
We allow streaming media such as Netflix, youtube, apple TV and of course .So it gets full pretty fast.  We have QOS implemented although I wasn't here when it was done so I don't know a lot about it.  I would like to limit IPs to a certain amount of bandwidth. [code]

View 1 Replies View Related

Cisco Switching/Routing :: Capturing Traffic Flows From 3750 To 6509 Then To Netflow

Aug 6, 2012

I am aware that the 3750 switches are not able to support Netflows, so I have created a SPAN port and spanning traffic from a specific port. I would like to create a seperate VLAN and trunk the traffic from the SPAN port down to the 6509 switch and then capture all the traffic for that VLAN on the 6509.

View 4 Replies View Related

Cisco Switching/Routing :: Net-flow Not Reporting Egress Traffic On 6509 Vlan

Nov 27, 2011

We have a pair of 6509 working in a VSS configuration (IOS 12.2(33)SX5). The 6509s connect to a pair of ASAs (7.2 code) running in an Active/Standby setup. These ASAs in turn connect to routers going to remote sites. I have configured Netflow on the following VLANS,
 
VLAN 10 - Servers Vlan
VLAN 9 - Transit/ASA VLAN (connects ASAs to 6509s). All traffic originating from any VLAN on the 6509 crosses this VLAN in order to reach remote sites and vice versa
 
I configured the netflow source VLAN 11 although I am not collecing any netflow from it.Although I have been getting lots of Netflow info, I noticed that netflow for traffic originating from any user VLAN on the 6509s going to any remote site via TRANSIT/ASA VLAN(9) does not get reported, I even tested with 4 GB traffic but no result. Only reverse traffic (i.e. from remote site to user VLAN) is reported as it traverses the Transit VLAN (9).
 
I read somewhere that egress netflow is not supported in 6500, but isnt traffic originating from a user vlan to a remote site via the transit VLAN (9) considered ingress with respect to the transit VLAN (9)? I would like to know whether bidirectional Netflow is supported on 6500 VLANS. I have mimimum control on routers beyond the ASAs, and since these ASAs run 7.2 code netflow is not supported, and Monitoring this Transit Vlan gives me extremely useful info.
 
I do get netflow biderectional traffic from the Server Vlan 10, but I think it is correlated by the netflow collector from vlans 9 and 10. [code]

View 9 Replies View Related

Cisco Switching/Routing :: 6509 - Block All FTP Traffic On Port 21 From Servers In Network

Oct 3, 2012

I am attempting to block all FTP traffic on port 21 from the servers in my network, and only allow FTP from one server to go out.
 
I have created the following ACL
  
access-list 101 Permit ip any any
access-list 101 Permit 21 1.1.1.1 0.0.0.0 any
access-list 101 Deny 21 any any
 
and have applied it to my truck VPN that goes up to my firewall
 
int Vlanxxx
ip access-group 101 out
 
But when i test ftp is still allowed by all servers.

View 6 Replies View Related

Cisco Firewall :: ASA 5505 - Http Inspection Dropping All Http Traffic

May 9, 2012

I am testing out some inspection options on an ASA 5505, and I am running into a situation in which applying a http inspection is dropping all outbound http traffic. I get a "protocol violation" error in the logs.
 
Here is the setup: I'm not sure why the web traffic is getting dropped.
 
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto

[Code].....

View 2 Replies View Related

Cisco Switching/Routing :: 6509 - Unable To Ping IP In FWSM

Nov 17, 2012

I have a vlan defined in FWSM for server farm there is a one server with two IP addresses and teaming has done on it how ever from FWSM i am able to ping both IP addresses but from core 6509 switch i am only able to ping one ip address. from FWSM show ARP command displays the same virtual mac addresses against both IPS of the same server.

View 2 Replies View Related

Cisco Switching/Routing :: 6509-E / VSS - Unable To Set Switch Number

Aug 28, 2012

I have a 6509-E chassis that was prevoius in a VSS configuration. Due to some VSL failures I had to cobvert it to a standalone chassis but would like to bring it back to a virtual system.

Whenever I try to convert it by using the command "switch convert mode virtual" I get the msg %Please configure local switch number first". After doing so by entering the CLI cmd "switch set switch_num 1 local" I still get the same message.

View 1 Replies View Related

Cisco Application :: CSS Or ACE 4710 Redirect HTTPS To Http

Feb 27, 2012

For a CSS with a SSL module (performing SSL termination) - is it possible to impliment a redirect on https URL to send to equivalent http URL.If my understanding is correct, the CSS will do SSL termination and then use an http content rule on the resultant http stream as it is recursively handled by the CSS ? This would mean that the SSL module has no way of seeing/acting on layer 5 and above data (i.e. picking up on a specific URL) and can not itself issue a redirect - i.e. you could not associate a redirect statement or service with the following ssl content rule ? [code]The CSS would instead rely on a http content rule to impliment a redirect - i.e. you would have to associate a redirect statement or service to the following http content rule instead?
 
But if the CSS is already handling traffic for existing url...  traffic that is going to cause a loop when a client goes direct to. url...I realise the requirment is uncommon / a bit convoluted, its one of those don't ask type scenarios - aimed at achieving a specific requirement.Would the ACE 4710 be able to handle such a scenario any differently ?

View 7 Replies View Related

Cisco Application :: ACE 4710 - Redirect HTTP To HTTPS?

Jun 21, 2012

I am trying to make a redirect from http to https. the goal is whenever a user writes in http://10.80.199.71 it should be redirected to https://10.80.199.71 I am just haveing some trouble making it work.

View 4 Replies View Related

Cisco Application :: ACE 4700 Redirect HTTP To HTTPS?

Feb 6, 2013

How to configure a redirection on the ACE from HTTP to HTTPS using specific URL example [URL] to [URL], the SSL certificates were installed on the servers.

View 7 Replies View Related

Cisco Firewall :: Redirect Http / Https To Port 8080 PIX 6.3?

Feb 27, 2013

I need to redirect all http and https traffic from one source in a dmz network, to port tcp/8080 on a proxy server on the inside network.
 
The source device doesn't handle proxying very well, so i've been advised to redirect the tcp/80 and tcp/443 ports to tcp/8080 as it passes through the firewall.
 
Scenario is thus:
PIX 515E 6.3 (5)
DMZ server: 172.31.255.250 (Real IP), 10.44.181.236 (NAT IP)
Inside Proxy server: 10.44.132.28 (Real IP), 172.31.255.110 (NAT IP)
 
I've configured a static NAT redirect using the following command: static (inside,dmz) tcp 172.31.255.110 www 10.44.132.28 8080 netmask 255.255.255.255 0 0
 
When I try to add the next command of: static (inside,dmz) tcp 172.31.255.110 443 10.44.132.28 8080 netmask 255.255.255.255 0 0
 
I get the following error: ERROR: duplicate of existing static
 
Is there a work around for this at all or am I stuck with the limitations of the software?

View 2 Replies View Related

Cisco Wireless :: WAP4410N HTTP Redirect And Internet Radios

Mar 12, 2013

I've got a HTTP Redirect to a dedicated html site with our internet usage policy set up on multiple WAP4410N access points.This is working like a charm with laptops, but not with internet radios. They can't connect to the internet probably freezing on the http redirected site.Is there any way to exclude these devices from the redirect?

View 3 Replies View Related

Cisco Wireless :: HTTP Redirect - 2504 WLAN Controller

Apr 23, 2012

I have a 2504 and my goal is to automatically redirect a users home page when they connect to a certain internal website. Authentication isn't a real concern just now.

Is it possible to simply have a users home page redirected when they open their browser upon connecting to the SSID? All of the documents available have stated to use 802.1x / RADIUS or other fancy tools.

View 3 Replies View Related

Cisco Switching/Routing :: 6509-E / Unable To Perform (ip Nat Inside Source Static Tcp Xxx Interface)

Jan 21, 2013

Platform:  
cisco6509-E   with FWSM
 Supervisor Engine 32 PISA 8GE
 sup-bootdisk:s32p3-adventerprisek9_wan-mz.122-18.ZY2.bin

command: 
 
(config)#ip nat inside source static tcp 10.10.8.147 14029 interface g7/8 14029
 (config)#no ip nat inside source static tcp 10.10.8.147 14029 interface g7/8 14029
 #clear ip nat tran *
 (config)#ip nat inside source static tcp 10.10.8.147 14029 interface g7/8 14029
 %Port 14029 is being used by system 
 Or %Static entry in use, cannot change
 
But when I perform "sh ip nat tran" command,There is nothing

View 1 Replies View Related

D-Link DIR-655 :: Routing All HTTP / Port 80 Traffic To Proxy Server?

Jul 18, 2011

I have a setup like this.

Foreach computer I need to go and configure the browser proxy settings and some people are getting smart and turn it to automatic configuration again.

So what i want to achieve is to have my DIR-655 to route all the HTTP/port 80 traffic to the proxy server.
That way it is transparent and then it is not needed to configure each computers browser settings.

I am pretty new to this and the router configurations.

The proxy server works fine if i configure the browser manually.

View 6 Replies View Related

Cisco Switching/Routing :: 6509 To 6509-E Chassis Upgrade?

Nov 21, 2011

I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:

     x3     48 ports
     x1     NAM
     x2     Sup720
     Running 12.2(18)SXF3
 
I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis?Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?

View 2 Replies View Related

Cisco Switching/Routing :: Upgrade Of 6509 To 6509-E Chassis

Nov 21, 2011

I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:

x3     48 ports
x1     NAM
x2     Sup720

Running 12.2(18)SXF3.I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis. Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?

View 2 Replies View Related

Cisco Routers :: Redirect Web Traffic On SRP527W

Mar 16, 2012

Is it possible to redirect all web traffic to a Symantec web filtering address on a particular listening port. I had a look at the Srp527w Router and can't find where this could be done.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved