Redirect web traffic on SRP527W router

Hello,
Is it possible to redirect all web traffic to a Symantec web filtering address on a particular listening port.
I had a look at the Srp527w Router and can't find where this could be done.
Thanks,
Sent from Cisco Technical Support iPad App

Can anyone recommend a Small business type router that does provide web proxy functionality on the device.
Trying to find something that can provide this without the need to go an ASA firewall or equivalent.
Thanks.
Sent from Cisco Technical Support iPad App

Similar Messages

  • Redirecting web traffic

    Is there an easy way to redirect "some" web traffic using combo of ACL, Route-maps, Nat etc.
    I need some users to access a specific page but want the remainder of users to go to a different page.
    Thanks

    I fixed the Apache Server not starting up issue-It was an issue with the configuration.
    Still need some advice on the redirect.
    Thanks!
    Tyler

  • PPPoE user redirect web traffic

    Hi all
    In our service provider we have implemented PPPoE service .For the moment before the user connects to us I add this username and password .But for one test user I want that when he login ,the web traffic to redirect in another ip x.x.x.x:8002 .In radius for this user I have added the av-pair :Cisco-AVPair=url-redirect=http://x.x.x.x:8002 but the redirect of trafic does not happen .My question is :How I can redirect the web traffic without implement the SSG service??

    I think you can't without SSG.

  • Need Help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect

    Hi All,
    I need help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect
    2811 having C2800NM-ADVIPSERVICESK9-M
    2811 router connects to the Internet SW then connects to the Internet router.
    Note- For Authentication am using the Device ID & Pre share key. I am worried as all user traffic goes with PAT and not firing up my tunnel for port 80 traffic. Can you please suggest what can be the issue ?
    Below is router config for VPN & NAT
    crypto keyring ISR_Keyring
      pre-shared-key hostname vpn.websense.net key 2c22524d554556442d222d565f545246
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp keepalive 10
    crypto isakmp profile isa-profile
       keyring ISR_Keyring
       self-identity user-fqdn [email protected]
       match identity user vpn-proxy.websense.net
    crypto ipsec transform-set ESP-NULL-SHA esp-null esp-sha-hmac
    crypto map GUEST_WEB_FILTER 10 ipsec-isakmp
    set peer vpn.websense.net dynamic
    set transform-set ESP-NULL-SHA
    set isakmp-profile isa-profile
    match address 101
    interface FastEthernet0/1
    description connected to Internet
    ip address 216.222.208.101 255.255.255.128
    ip access-group HVAC_Public in
    ip nat outside
    ip virtual-reassembly
    duplex full
    speed 100
    no cdp enable
    crypto map GUEST_WEB_FILTER
    access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.181 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.182 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.216.0 0.0.1.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 116.50.56.0 0.0.7.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.220.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 103.1.196.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 177.39.96.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 196.216.238.0 0.0.1.255
    access-list 103 permit ip 192.168.8.0 0.0.3.255 any
    ip nat pool mypool 216.222.208.101 216.222.208.101 netmask 255.255.255.128
    ip nat inside source list 103 interface FastEthernet0/1 overload
    ip nat inside source route-map nonat pool mypool overload

    How does Websense expect your source IPs in the tunnel? 192.168.8.0 0.0.3.255 or PAT'ed 216.222.208.101 ?
    Check
    show crypto isakmp sa
    show crypto ipsec sa
    show crypto session
    You'd better remove the preshared key from your post.

  • How to configure DNS server to redirect all web traffic to one external website?

    I'd like to use the DNS service on my OS X Server as a way to force all all web traffic to one specific, external website. Not quite sure how to go about configuring it, though - any recommendations?
    (BTW, this is, obviously, not our primary DNS server; I intend to silently update the preferred DNS server for users who fail to complete their timesheets in order to force the issue)

    Web clients don't generate uniquely-identifiable DNS queries; there's no SRV request or related traffic that you could select on and spoof.  So if you do implement this, everything querying the spoofing DNS server will get the spoofed host, or you'll have to spot specific queries that are likely web queries; Facebook, Google, Bing, etc. 
    If you still want to implement this, then I'd probably replace the DNS server with a runt DNS server (maybe hack dnsmasq or maraDNS, or create yourself a trivial DNS server) and have that always return the specified IP address.  This avoids having to hack BIND to be universally authoritative, which is probably on par with hacking a simpler DNS server to always return a fixed IP address, and the latter is probably easier to undo.
    A firewall can spot TCP port 80 and port 443 traffic, unlike a DNS server.   Firewalling outbound port 80 traffic is more typical of these requests, and either trap that traffic to a specific web page based on the capabilities of the firewall, or the web proxy approach that Camelot suggests.  There are folks that tie access into the web proxies into external authentication and related; that'd be able to do what you want.   Web proxies are usually combined with firewall blocks, as most sites want only the web proxy to have external access, too.  But this is also rather more pieces than a DNS redirect, too.

  • Is there any way to log web traffic information of the users with RV082 router ?

    Dear all,
    I just bought a RV082 router. I can't find any way for logging the web traffic of the users.
    Can it be done with the router ?
    Thanks
    Fabio

    Hello,
    If I am not mistaking the best you can do is to send syslog traffic to a server or locally (to a server being preferred) .
    But you are going to see stuff like this:
    30>Aug 3 22:12:40 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2101->212.5.219.46:80 on ppp0) [0,0]
    <30>Aug 3 22:12:40 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2102->81.0.235.240:80 on ppp0) [0,0]
    <30>Aug 3 22:12:40 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2103->81.0.235.251:80 on ppp0) [0,0]
    <30>Aug 3 22:12:41 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2104->212.5.219.46:80 on ppp0) [0,0]
    <30>Aug 3 22:12:41 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2105->81.0.235.250:80 on ppp0) [0,0]
    <30>Aug 3 22:12:41 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2106->212.5.219.46:80 on ppp0) [0,0]
    You will need an external device to make this happen, Having a proxy server such as Squid would do it for you and not just that but will optimize the newtork :)
    Regards,
    Jcarvaja
    CCIE 42930

  • RV180W Routing Web traffic to Router Interface

    Initially we had a rv110w in place and had problems with the port forwarding stopping a few times a day so we replaced with with a RV180W. Now port forwarding appears to be staying up, however I have a new problem. We host a web page, for some reason when an internal user points the url to the web page it resolves to the web interface of the Router and not the expected web page. If you are outside of the network it resolves to the correct web page. I am not sure why this is happening as it didn't happen with the RV110W or the PIX before that.
    Thanks
    Jeremy

    Hi Jeremy, thank you for using our forum, my name is Johnnatan I am part of the Small business Support community. I just want to say thank you for your contribution that will be really helpful for all forum users.
    I think there is another way to resolve this issue, creating a second forward rule from the LAN to the destiny, I will share with you a document of forwarding steps, you can see it bellow:
    http://www6.nohold.net/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=2865
    I hope you find this answer useful
    “Please rate useful posts so other users can benefit from it”
    Greetings, 
    Johnnatan Rodriguez Miranda.
    Cisco Network Support Engineer.

  • How to get polipo proxy to transparently handle web traffic?

    hello there,
    I've got a router PC at home. It runs privoxy so that any PC on my local network can browse the Internet in a reasonably secure way, with no ads and such.
    Because we often visit the same websites, I thought that's be a good thing to set up a caching proxy. I tried Squid, but found it difficult to configure, slow to start, etc. so I finally chose polipo, which is much lighter and simpler.
    On the web, many sources advise to have to following setup:
    1) local -- privoxy -- polipo -- internet
    I got such a setup, but I'd like to try the following instead:
    2) local -- polipo -- privoxy -- internet
    In my opinion it's more relevant because:
    - my router is quite old, and I think it would be lighter on resources to serve already privoxied cached pages, rather than having privoxy process every cached page
    - in terms of privacy, it's generally advised not to have a parent proxy on top of privoxy
    Privoxy acts as an intercepting proxy, so setup 1) was quite easy to configure. Web traffic is redirected to privoxy, then privoxy forwards it to polipo.
    Polipo does not act as an intercepting proxy, because its developer considers that "interception proxying is a fundamentally broken design [...], and will not be supported by Polipo". So far, the only possible workaround I found are :
    - configure browsers to use polipo: not suitable, I want any local network computer to be able to transparently connect to the internet
    - use yet another proxy to intercept traffic...
    - or, from polipo docs :
    If you want to use interception proxying in order to avoid manually configuring your clients, please use Netscape's proxy.pac auto-configuration (you don't need a separate web server, as a proxy.pac file can be served by Polipo's internal server).
    It gives link pointing to http://wp.netscape.com/eng/mozilla/2.0/ … -live.html which is dead.
    So, in short: is there a way to transparently route my web traffic through polipo?
    Thanks for any guidance.

    Not sure if your still looking for a solution, but I could think of a couple possible ways to redirect the traffic. One would be rinetd (Here). The other solution I thought would be iptables (FW_REDIRECT ??), but I have not tried that.
    I might try experimenting with a few ways, but let me know if you have it working..

  • Best practice for web servers behind a router (NAT, ACL, policy-map, VLAN)

    Hi,
    I'm a new Network admin, and I have some configuration questions about my installation (see attachment).
    I have 3 web servers behind a router.
    Public interface: 3 public ip adresses
    Private interface: router on a stick config ( 3 sub-interfaces, 3 different networks, 3 VLAN)
    I would to know the best way to redirect http traffic to the right server.
    My idea is to map a public address to a private address, via NAT, but I'm not sure for the configuration.  I could also redirect via Policy-map and filter by url content.
    So if you have some advise for this case, it would be really appreciated.
    Thank you.
    Chris.

    Hello Christophe,
    As I understand you want 1st that ; 
    if somebody go to A.local.com from internet then he will redirect to 192.168.1.10 in your internal network. 
    That means, you need static mapping between your public @ip address and your local ip address. 
    for this example, your local interface is Fa0/0.1 and I dont your public interface because it is not mention in your diagram. I will suppose S0/0 for public interface. 
    that is the config for the Web Server1. You can do the same with the remaining servers:
    interface fa0/0.1 
    ip nat inside
    interface serial0/0
     ip nat outside
    ip nat inside source static 192.168.1.10 172.1.2.3 
    static mapping from local to public. 
    I suppose you have done the dns mapping in your network and the ISP have done the same in his network. 
    ip route 171.1.2.3 interface serial0/0 
    or 
    ip route 0.0.0.0 0.0.0.0 interface serial0/0. 
    After these step for each web server, you will get the mapping. 
    Now you can restrict access to this ip only to http or https protocol on your isp and after on your local network 
    like
    ip access-list extended ACL_WebServer1
    permit ip any 192.168.1.10 eq www
    deny ip any 192.168.1.10
    exit
    interface fa0/0.1
     ip acess-group ACL_WebServer1 in
    no shut
    exit
    That is the first step. 
    Second step : you want to filter traffic by url, that means layer 5 to 7 filtering. 
    I am not sure that it is possible using cisco router with (ZBF + Regex).
    Check the first step and let us know ! 
    Please rate and mark as correct if it is the case. 
    Regards,

  • Redirecting http traffic to the proxy server

    Hi,
    We have a requirement to divert web traffic to blue coat proxy through firewall. Below is the setup
    Requirement:
    We need to divert web traffic from 10.20.200.0/23 [DMZ-STAFFNET] and point it to Bluecoat proxy to process the packets.
    Now that ASA doesn't support PBR to accomplish this, how can we accomplish this ? 

    Hi,
    To list one limitation that you might see in your scenario , You would only be able to redirect the subnets to the proxy from those subnets which are physically behind the interface where the WCCP server resides only. i.e. UNTRUST
    Now , talking about the NAT , why don't you try this NAT if you don't want to NAT the Source part of the Traffic:-
    (DMZ-STAFFNET) to (bluecoat) source static DMZ-STAFFNET DMZ-STAFFNET destination static internet proxy-server service original-http proxy-8080
    Also , ASA now supports Policy Based routing from ASA 9.4.1 :)
    Thanks and Regards,
    Vibhor Amrodia

  • Is there program for precise measuring of web traffic in/out my Mac?

    Some ISPs have their proprietary web traffic/usage indicators   but they are  crude, of no use for precise measurements.
    Widgets are  of no hellp either.
    Is there  a program which can display the internet traffic in/out of a computer at any given moment and display it instantly ?
    Ideally , able to display live (or by manual update) what  the traffic is to/from websites visited , email in/out data flow and creating a log, so I can have a record what exactly the web usage is, for example, for last 1 hour/ 1day/1 week.
    Is there such a program?
    Thanks in advance

    I've been using SurplusMeter waiting for AT&T U-verse to get their usage meter going (3 months of waiting) due to the caps they (supposedly) imposed on May 2, 2011.  They still haven't gotten their meter working and it's not clear the caps are being imposed (250 GB/month).  But I wanted to get a idea of how much I was using so I decided on SurplusMeter. 
    SurplusMeter has a number of nice features.  But without any other measurement tool to cooralate it with I have no idea how accurate it is. One thing I do know howerver is that in the case of U-verse, where all traffic goes through a U-verse provided router (they call it the "resident gateway") I can only measue the traffic in and out of my computer, not in and out of the router (no, there no separate info in the router to give me this info or I wouldn't have needed SurplusMeter).
    FWIW, there are other utilities that can give you some of this info or present it in different ways.  Here's a few others I looked at before choosing SurplusMeter:
    Net Monitor
    ProteMac Meter
    TraffiX
    UsageTracker

  • How to redirect https traffic to captive portal?

    Any WLC controller model (8500/5508/2504/vWLC) version 7.3 and up..
    This is unusual scenario wherein clients have a default homepage to https://www.google.com (sample only)
    Typical http web redirection don't have any problem at all. When you open your browser and type http://www.google.com it will redirect to captive portal without any problem.
    Is there any way to redirect https traffic to captive portal as well?

    redirection only happen on http traffic, a feature request has been issued to have the redirection happen on https.
    please check the following
    CSCar04580
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCar04580
    Please make sure to rate correct answers

  • Tunnelling web traffic through ssh

    for tunnelling web traffic through ssh, it says here
    http://wiki.freaks-unidos.net/weblog...fox-ssh-tunnel
    that i have to set only the SOCKS Host text field in the edit>preferences>advanced>network>connection>settings
    to localhost and the port i used for ssh but what about the other fields like http,ftp,gopher,and ssl proxy, shouldn't i need to set those too? if not why and what are those fields for anyway?
    btw, is it possible to view streaming video like youtube.com while using a proxy? if so, then how would i go about it?

    jordi wrote:
    ssh -D 4444 (or any other port number) youruser@yourserver
    see the manual:
    -D [bind_address:] port
                  Specifies a local ''dynamic'' application-level port forwarding.  This works by
                  allocating  a  socket  to listen to port on the local side, optionally bound to
                  the specified bind_address.  Whenever a connection is made to  this  port,  the
                  connection  is  forwarded over the secure channel, and the application protocol
                  is then used to determine where to connect to from the  remote  machine.   Cur‐
                  rently  the  SOCKS4  and  SOCKS5 protocols are supported, and ssh will act as a
                  SOCKS server.  Only root can forward privileged ports.  Dynamic  port  forward‐
                  ings can also be specified in the configuration file.
    streaming videos like youtube.com will be possible... surfing the web will be the same as without socks proxy...
    I suggest to use a addon like FoxyProxy if you use socks proxy's a lot.
    1) I already know the ssh part, im talking about the configuration in firefox, sorry if i didn't make this clear.
    for tunnelling web traffic through ssh, it says here
    http://wiki.freaks-unidos.net/weblog...fox-ssh-tunnel
    that i have to set only the SOCKS Host text field in the edit>preferences>advanced>network>connection>settings
    to localhost and the port i used for ssh but what about the other fields like http,ftp,gopher,and ssl proxy, shouldn't i need to set those too? if not why and what are those fields for anyway?
    2) and another thing about streaming videos, why is it that some proxies i have used before don't allow streaming traffic through?
    ok it says here for vpn
    http://searchsecurity.techtarget.com/sDefi...213324,00.html#
    An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.
    3) so how would the routers know where to route the data if its encrypted? and how would i go about implementing that?
    4) btw, is ssh tunnelling an implementation of vpn?
    5) another question i have would be that for ssh tunnelling, it works at the transport layer onwards so only applications which are designed to use the port would go through the tunnel and be encrypted right, other apps would not go through the tunnel. On the contrary, IPsec works on the network layer so all information above the network layer whether they use UDP or TCP or whatever ports for TCP would go through the tunnel and be encrypted. Are the above statements correct?
    Last edited by unregistered (2008-05-11 08:39:19)

  • WCCP not redirecting users traffic from other subnets

    Hello,
    I have configured WCCP redirection on ASA for redirecting transparently http and https traffic.
    I have configured a service ID 90 that contains 80 and 443 port. The ironport S160 has two interfaces, one for management and the other for data.
    The interface used for data is on a different subnet that the inside interface of ASA where it is configured WCCP.
    The problem is that the users that are in the same subnet with ironport data interface, their traffic gets redirected, while the traffic of the other users that are not in the same subnet with ironport data interface is not processed correctly from ironport and this users does not have internet access.
    Any idea ?
    BR,
    Ilir

    Ilir,
    How is this second group of users connected to the ASA?  Their outbound traffic has to be going out the "inside" interface also. If they are on another port on the ASA, WCCP won't catch their traffic. i.e. You can't use the DMZ interface on an ASA and point its web traffic at a WSA that lives inside.
    Ken

  • How to generate web traffic report on SharePoint 2013?

    Hello All,
    I am working on Intranet in SharePoint 2013 On Premise.
    There are functionalities like Poll, Survey, Event, Announcements etc.
    Now there is a requirement to create web traffic report for all these functionality. How should I generate web traffic report for all these?
    Thanks in Advance.

    Hi Darsh,
    Here is the out of box analytic reports you can view.  Please refer to the following article.
    SharePoint 2013 Analytics A Big Step Backward
    New Analytics in SharePoint 2013
    Please mark it answered, if your problem resolved or helpful. 

Maybe you are looking for