- Tested on a Cisco router with SAS and can confirm that this works!
- Before you start the deployment, you want to make sure that the CACHEBOX is on its own Layer 3 interface in a different subnet to everything else in the network, otherwise this won't work.
- Here is the config I used to get this working in GNS3:
- Create an access list permitting client subnets to go to any destination via port 80:
- config#ip access-list extended CACHEBOX80
- config#permit tcp *subnet_ip* *wildcard_mask* any eq www (or http on Ruckus)
- Create a route-map that will use this ACL and also redirect traffic to the CACHEBOX when traffic is going out of the network:
- config#route-map CACHEBOX80-MAP permit 10
- config#match ip address CACHEBOX80
- config#set ip next-hop *cachebox_ip*
- Apply this route-map to the client gateway interface of the Cisco/Ruckus device:
- config#int *client_facing_interface*
- config-if#ip policy route-map CACHEBOX80-MAP
- If you aren't doing SAS, this is all of the config you will need. Now onto SAS:
- Create an access list permitting traffic from any source to send traffic to your client subnets:
- config#ip access-list extended CACHEBOX90
- config#permit tcp any *subnet_ip* *wildcard_mask*
- Create a route-map that will use this ACL and also redirect traffic to the CACHEBOX when traffic is coming back into the network:
- config#route-map CACHEBOX90-MAP permit 10
- config#match ip address CACHEBOX90
- config#set ip next-hop *cachebox_ip*
- Apply this route-map to the WAN interface of the Cisco/Ruckus device:
- config#int *WAN_facing_interface*
- config-if#ip policy route-map CACHEBOX90-MAP
- As long as Source Address Spoofing is enabled on the CACHEBOX, you should be good to go!
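
The steps above, as an added example that is not part of the original paste: a small Python helper that fills in the placeholders, converts each client subnet to the wildcard mask the ACL expects, and refuses to produce config if the CACHEBOX address falls inside a client subnet. The function name `render_pbr`, the sample addresses and the interface names are assumptions made for illustration.

```python
import ipaddress

def render_pbr(client_subnets, cachebox_ip, client_if, wan_if=None):
    """Fill in the paste's placeholders and return the IOS config lines.

    Raises ValueError if a subnet has host bits set or if the CACHEBOX
    address sits inside a client subnet (the precondition in the paste).
    """
    cache = ipaddress.ip_address(cachebox_ip)
    nets = [ipaddress.ip_network(s, strict=True) for s in client_subnets]
    for net in nets:
        if cache in net:
            raise ValueError(f"CACHEBOX {cache} is inside client subnet {net}")

    # Cisco ACLs take a wildcard mask, the bitwise inverse of the netmask.
    pairs = [f"{n.network_address} {n.hostmask}" for n in nets]

    lines = ["ip access-list extended CACHEBOX80"]
    lines += [f" permit tcp {p} any eq www" for p in pairs]
    lines += ["route-map CACHEBOX80-MAP permit 10",
              " match ip address CACHEBOX80",
              f" set ip next-hop {cache}",
              f"interface {client_if}",
              " ip policy route-map CACHEBOX80-MAP"]
    if wan_if:  # return path, only needed when SAS is enabled
        lines += ["ip access-list extended CACHEBOX90"]
        lines += [f" permit tcp any {p}" for p in pairs]
        lines += ["route-map CACHEBOX90-MAP permit 10",
                  " match ip address CACHEBOX90",
                  f" set ip next-hop {cache}",
                  f"interface {wan_if}",
                  " ip policy route-map CACHEBOX90-MAP"]
    return lines

if __name__ == "__main__":
    # Constructed sample values, not taken from the paste.
    print("\n".join(render_pbr(["192.168.10.0/24", "192.168.20.0/23"],
                               "192.168.99.2",
                               "GigabitEthernet0/1", "GigabitEthernet0/0")))
```

Leaving out `wan_if` yields only the CACHEBOX80 half, which matches the non-SAS case described above.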