Re: [squid-users] routing OR different IP address

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 06 May 2001 21:51:25 +0200

Edward wrote:

> I have a policy route to the cache on one IP address.
>
> eg
> access-list 110 deny tcp any any neq www
> access-list 110 deny tcp host 200.50.68.7 any
[...]
> The other IP is 64.110.11.2.
>
> As you can see here, the Cisco is only sending to the 200.50.68.7.
>
> What I believe here, after sending you that email, 64.110.11.2 is not
> getting past the router faste0/0 interface.

Correct. Your Cisco does not know that 64.110.11.2 should not be
redirected to 200.50.68.7.

I seem to remember that your clients are actually on different subnets
than your servers. In such a case it is probably better to reverse the
router ACL to tell what should be redirected rather than what should
not. I.e. only redirect your client networks to the proxy.

> If that is the case then I will have to add
>
> access-list 110 deny tcp host 64.110.11.2 any
>
> to the access-list.
>
> What do you think Henrik?

Not a Cisco expert, but it looks like a step in the correct direction.

--
Henrik Nordstrom
Squid Hacker
Received on Sun May 06 2001 - 13:53:16 MDT
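
Added example (not part of the original message, and not Cisco or Squid code): a small first-match ACL model comparing the deny-list form discussed in the thread with the reversed form that permits only client networks. The trailing catch-all permit and the 10.1.0.0/16 client network are assumptions; the thread elides the rest of access-list 110 and does not name the client subnets.

```python
from ipaddress import ip_address, ip_network

WWW = 80
ANY = ip_network("0.0.0.0/0")

def port_ok(op, port):
    """Match a rule's destination-port qualifier (None means any port)."""
    if op is None:
        return True
    kind, value = op
    return (port == value) if kind == "eq" else (port != value)

def redirected(acl, src, dport):
    """First matching rule wins; no match is the implicit deny (not redirected)."""
    for action, net, op in acl:
        if ip_address(src) in net and port_ok(op, dport):
            return action == "permit"
    return False

# Deny-list form from the thread. The last rule is an ASSUMPTION: the
# message elides the remainder of access-list 110 with "[...]".
DENY_LIST = [
    ("deny", ANY, ("neq", WWW)),                    # deny tcp any any neq www
    ("deny", ip_network("200.50.68.7/32"), None),   # deny tcp host 200.50.68.7 any
    ("permit", ANY, None),                          # assumed catch-all permit
]

# Reversed form: name what IS redirected. 10.1.0.0/16 is a constructed
# placeholder for the client networks, which the thread does not give.
CLIENT_NETS = [ip_network("10.1.0.0/16")]
ALLOW_LIST = [("permit", net, ("eq", WWW)) for net in CLIENT_NETS]

def report(acl):
    """Redirect decision for port-80 traffic from a client and both cache IPs."""
    hosts = ["10.1.2.3", "200.50.68.7", "64.110.11.2"]
    return {h: redirected(acl, h, WWW) for h in hosts}

if __name__ == "__main__":
    print("deny-list :", report(DENY_LIST))
    print("allow-list:", report(ALLOW_LIST))
```

With the deny-list form every new address on the cache has to be added to the ACL by hand, while the reversed form leaves any unlisted source, including a second cache address, outside the policy route by default.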