[squid-users] Network Topology Questions

From: Sturgis, Grant <Grant.Sturgis@dont-contact.us>
Date: Mon, 1 Aug 2005 12:36:59 -0600

We are having serious problems getting traffic to our squid proxy
server. Currently we are using a proxy.pac file to tell browsers when
to use the proxy and where to find it. Unfortunately, MSIE seems to
decide randomly when (and when not) to use this file. It seems that
when laptop users go home and connect to VPN, then they get two IP
addresses (one for the VPN connection and one for the NIC), and the PAC
file can't figure out which one to use. This is a problem because we
use:

if (isInNet(myIpAddress(), "10.10.0.0", "255.255.0.0"))
return "PROXY 10.10.10.10:3128";

In the proxy.pac file. Funny thing is that sometimes it works and
sometimes it doesn't.

Anyway-

I thought that WCCP would be a good solution. Problem is, I can't seem
to get it to work (see earlier post or email me and I will resend).

So now I am searching for alternatives.

Can anyone comment on the topologies or network strategies that you are
using? I am considering an in-line approach:

---------------------- ----------- ------------
------------
| Internal Network | ------- | Proxy | ---- | Firewall | --- |
Internet |
---------------------- ----------- ------------
------------

But I don't like the idea of other outbound protocols (smtp, ssh)
needing to be routed through another device. Is this a silly concern?

Are there any other approaches that have worked well? Does a lot of
people out there use WCCP successfully?

Thanks in advance for any suggestions and comments.

Grant
-------

Pardon this:

This electronic message transmission is a PRIVATE communication which contains
information which may be confidential or privileged. The information is intended
to be for the use of the individual or entity named above. If you are not the
intended recipient, please be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited. Please notify the
sender of the delivery error by replying to this message, or notify us by
telephone (877-633-2436, ext. 0), and then delete it from your system.
Received on Mon Aug 01 2005 - 12:37:38 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Sep 01 2005 - 12:00:01 MDT