Re: Transparent on Cisco

From: C. Jon Larsen <>
Date: Mon, 18 Jan 1999 22:27:08 -0500 (EST)

You need to policy route on each interface. ALso, if you are using locally
originated traffic on the router to test, like ICMP or telnet, you need ip
local policy global command. Second, you will want to disable ip
route-cache on each interface if/when debugging a policy routed flow,
otherwise you only see the first packet in the flow in debug mode.

I used to have this kind of a setup. I discovered that using IP masq on
the squid host is more reliable, and less prone to problems than doing
policy routing (I had 10+ bri interfaces on a C4000, though). Now, my 3640
simply talks OSPF with a couple of Squid proxys that also run gated and
some IP masq rulesets.

On Mon, 18 Jan 1999, Anthony Lemons wrote:

> I have a Cisco 3640 with two serial ports in use. s0/0 is our main T1 and
> s0/1 is a T1 to one of our POPs. I followed along with the faq and was able
> to setup transparent proxying as the example stated. Traffic from our main
> location is redirected to our Squid box just fine. However none of the
> traffic over s0/1 passes through our main ethernet so isn't picked up via
> the proxy-redirect on the Cisco since I applied the route-map to the
> ethernet interface. My question is how do I reliably set the Cisco up so
> that traffic over s0/1 is redirected to the Squid server as well? Do I
> appply the same proxy-redirect to the s0/1 interface that I applied to the
> ethernet interface.
> Anthony

C. Jon Larsen Email:
Systems Engineer Voice: +1.804.353.2800 x118
                          Cell: 357.3040
                          Pager: 219.3406
A&J Technologies

PGP Key fingerprint: 8A 62 4C 6E 1E 3C CD 63 B3 16 1A 1B D2 61 EE 97
PGP Public key available at:
Received on Mon Jan 18 1999 - 20:18:59 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:44:04 MST