[c-nsp] Force all users on a 5300 to one web server

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Sun Feb 27 13:36:36 EST 2005



> No it is not directly connected.....
> 
> Could I add an IP that is directly connected to the web server and
> redirect to that IP???

Bear in mind that policy-routing is not changing the IP header of the
packet, so unless the web server is physically directly connected, it
won't work as the next-hop router will route the pkt according to its
original header.  
So you need to put the web server next to your AS5300, or do the
policy-routing someplace else.

A cleaner solution is to use SSG, but this is non-trivial. Or you do
WCCP and configure your WCCP-aware proxy server to always return the
desired URL (not sure if this is possible, haven't touched proxies for a
while now).

	oli


> 
> ----- Original Message -----
> From: "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
> To: "Melvin C. etheridge" <mele at enia.net>; "Cisco-Nsp"
> <cisco-nsp at puck.nether.net>
> Sent: Sunday, February 27, 2005 12:44 PM
> Subject: RE: [c-nsp] Force all users on a 5300 to one web server
> 
> 
> 
> Melvin C. etheridge <mailto:mele at enia.net> wrote on Sunday, February
> 27, 2005 6:42 PM:
> 
>> With this config:
>> 
>> access-list 110 deny   tcp host 12.31.84.2 any eq www
>> access-list 110 permit tcp any any eq www
>> 
>> route-map HTTP-Redirect permit 10
>>  match ip address 110
>>  set ip next-hop 12.31.84.2
> 
> Is 12.31.84.2 directly connected? If it isn't, you need to do this
> someplace else.
> 
>> interface FastEthernet0
>>  ip address 12.173.156.2 255.255.255.0
>>  ip access-group 131 out
>>  ip policy route-map HTTP-Redirect
> 
> not needed here, only at your Group-Async
> 
> oli
> 
>> 
>> 
>> ----- Original Message -----
>> From: "Melvin C. Etheridge" <mele at enia.net>
>> To: "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>; "Cisco-Nsp"
>> <cisco-nsp at puck.nether.net>
>> Sent: Sunday, February 27, 2005 10:28 AM
>> Subject: Re: [c-nsp] Force all users on a 5300 to one web server
>> 
>> 
>>> I've tried policy routing but it's not working.
>>> 
>>> I can still view other pages.
>>> 
>>> Mel
>>> 
>>> ----- Original Message -----
>>> From: "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
>>> To: "Melvin C. Etheridge" <mele at enia.net>; "Cisco-Nsp"
>>> <cisco-nsp at puck.nether.net>
>>> Sent: Saturday, February 26, 2005 1:27 PM
>>> Subject: RE: [c-nsp] Force all users on a 5300 to one web server
>>> 
>>> 
>>> Melvin C. Etheridge <> wrote on Saturday, February 26, 2005 7:12 PM:
>>> 
>>>> How can I force all port 80 traffic on a 5300 to go to one IP
>>>> address???
>>> 
>>> On the AS5300, you could investigate policy-routing or WCCP..
>>> 
>>> oli
>>> 
>>> 
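The point made in the reply above (policy routing chooses a next hop but leaves the IP header alone) can be traced with a small forwarding model. This is an added example, not part of the thread and not IOS code; it is a simplified model, and the upstream router 12.173.156.1, the dial-in client 10.0.0.5, the destination 198.51.100.10 and the /24 on the web server's subnet are constructed assumptions.

```python
import ipaddress

WEB = "12.31.84.2"          # redirect target from the thread
UPSTREAM = "12.173.156.1"   # constructed: router reached through FastEthernet0

def policy_match(pkt):
    # access-list 110 from the thread: skip the web server's own traffic,
    # match every other packet to TCP port 80
    return pkt["dport"] == 80 and pkt["src"] != WEB

def forward(pkt, connected, default_gw, policy_next_hop=None):
    """Return the neighbour a router hands pkt to; pkt itself is never modified."""
    if policy_next_hop and policy_match(pkt):
        return policy_next_hop
    dst = ipaddress.ip_address(pkt["dst"])
    if any(dst in ipaddress.ip_network(net) for net in connected):
        return pkt["dst"]
    return default_gw

def trace(pkt, web_adjacent):
    """Hops a dial-in packet takes, starting at the AS5300."""
    nets = ["12.173.156.0/24"] + (["12.31.84.0/24"] if web_adjacent else [])
    hop = forward(pkt, nets, UPSTREAM, policy_next_hop=WEB)
    if hop == WEB and not web_adjacent:
        # WEB is not a layer-2 neighbour, so the frame can only be handed
        # to the router on the way to it
        hop = UPSTREAM
    path = ["AS5300", hop]
    if hop == UPSTREAM:
        # No route-map here: this router looks only at the unchanged destination
        path.append(forward(pkt, ["12.31.84.0/24", "198.51.100.0/24"], "internet"))
    return path

# Constructed packet: dial-in user browsing to an unrelated site
PKT = {"src": "10.0.0.5", "dst": "198.51.100.10", "dport": 80}

if __name__ == "__main__":
    print("web server adjacent:    ", trace(PKT, web_adjacent=True))
    print("web server one hop away:", trace(PKT, web_adjacent=False))
```

In both runs the packet's destination address is still the original one; only the neighbour it is handed to differs.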