This is a strange one.
We are terminating an L2TP tunnel on our Cisco 7200 running IOS c7200-js-mz.123-13.bin.
The tunnel is using a virtual template which has the proxy route map enabled
on it.
The relevant Cisco config:
access-list 110 deny tcp host 10.0.0.2 any # squid server eth0:1
access-list 110 permit tcp any any eq www
access-list 110 deny ip any any
route-map proxy-redirect permit 10
match ip address 110
set ip next-hop 10.0.0.2 # squid server eth0:1
interface Virtual-Template1
description Tunnel Virtual Template
ip unnumbered FastEthernet3/0
ip mroute-cache
ip policy route-map proxy-redirect
no logging event link-status
timeout absolute 4320 0
peer default ip address pool IP-POOL
no keepalive
ppp authentication chap pap callin
ppp multilink
The Centos box is running IPTables with the following rules for squid:
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
And it’s a standard squid config.
Some users are able to browse web sites fine.
However, a handful of users can't; they get "Web site found" in the IE status bar and blue progress lines, but the site fails.
I can see the request for the site hit the squid access log.
Has anyone got a setup like this and if so am I doing it correctly?
Thanks
Tony
Received on Sun Mar 05 2006 - 09:54:33 MST
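To make the redirect path in the post easier to reason about, here is an added example (not Tony's configuration or any Cisco or squid code) that models the first-match semantics of access-list 110, the proxy-redirect route-map, and the REDIRECT rule on the squid host. The client address 192.0.2.10 is constructed; 10.0.0.2, port 80 and port 3128 come from the post.

```python
from ipaddress import ip_address

# Hypothetical re-implementation of IOS extended-ACL first-match semantics,
# limited to what access-list 110 on the page uses: protocol, source host or
# "any", destination "any", and an optional destination-port equality ("eq www").
SQUID = "10.0.0.2"  # squid server eth0:1 (from the post)

ACL_110 = [
    # (action, protocol, source, destination port or None)
    ("deny",   "tcp", SQUID, None),  # squid's own traffic is never policy-routed back to itself
    ("permit", "tcp", "any", 80),    # client HTTP is policy-routed to the proxy
    ("deny",   "ip",  "any", None),  # everything else: explicit deny
]

def acl_action(acl, proto, src, dport):
    """Return the action of the first matching entry; IOS ends every ACL with an implicit deny."""
    for action, acl_proto, acl_src, acl_port in acl:
        if acl_proto != "ip" and acl_proto != proto:
            continue
        if acl_src != "any" and ip_address(acl_src) != ip_address(src):
            continue
        if acl_port is not None and acl_port != dport:
            continue
        return action
    return "deny"

def route_map_next_hop(proto, src, dport):
    """route-map proxy-redirect permit 10: match ACL 110 -> set ip next-hop to squid.

    Returns the next-hop address, or None when the packet follows normal routing."""
    if acl_action(ACL_110, proto, src, dport) == "permit":
        return SQUID
    return None

def squid_host_prerouting(in_iface, proto, dport):
    """iptables nat PREROUTING on the Centos box: tcp/80 arriving on eth0 -> local port 3128."""
    if in_iface == "eth0" and proto == "tcp" and dport == 80:
        return 3128
    return dport

def trace(proto, src, dport, in_iface="eth0"):
    """Follow one client packet through the router policy and the squid host's NAT."""
    hop = route_map_next_hop(proto, src, dport)
    if hop is None:
        return {"next_hop": None, "port": dport}
    return {"next_hop": hop, "port": squid_host_prerouting(in_iface, proto, dport)}
```

The deny for 10.0.0.2 as source is what keeps squid's own outbound fetches from being policy-routed back into the proxy; the trace shows only client tcp/80 ends up on port 3128.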