How To Redirect HTTP Traffic From Cisco 3750-ASA 5520 To Squid Proxy Server


[Guide] How to redirect http traffic from Cisco 3750/ASA 5520 to Squid Proxy Server

Network Details
My Cisco ASA: 172.16.1.1
Cisco Switch 3750 (interface facing the ASA): 172.16.1.2
Cisco Switch 3750 Vlan2 IP: 10.10.10.1
Internal Network: 10.10.10.1/24

Vlan2 IP (i.e. 10.10.10.1) is my network gateway, and I am going to redirect all port 80 (i.e. HTTP) traffic to my Squid server.
Here we go!
1. Install and configure your Squid proxy server. I am going to cover the Squid installation steps in the next post.

2. Configure Squid in transparent mode so that there is no need to manually specify the proxy server IP for each user.
http_port 3128 transparent
3. Log in to the Cisco gateway. My network gateway is a Cisco 3750. The same process below applies to the Cisco ASA.
4. For policy-based routing (PBR) we need to enable the SDM routing template if it is not already enabled on your Cisco 3750 switch. In some cases you need to update your IOS to the latest release.
Switch# configure terminal
Switch(config)# sdm prefer routing
5. After enabling the SDM template, save the switch configuration and reload the switch to apply the setting.
Switch# write memory
Switch# reload
6. Now create an access list to redirect HTTP (port 80) traffic to the Squid proxy server.
access-list 111 deny tcp any any neq www
access-list 111 deny tcp host SQUID-PROXY-IP any
access-list 111 permit tcp any any
7. Now create the route map.
route-map proxy-redirect permit 100
match ip address 111
set ip next-hop SQUID-PROXY-IP
8. Now apply the route map to the switch interface Vlan2 (i.e. the gateway of your network).
Switch(config)# interface Vlan2
Switch(config-if)# ip policy route-map proxy-redirect
9. To check whether the gateway is redirecting port 80 traffic, run the command below.
Switch# show route-map
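
How ACL 111 and the route map from steps 6 and 7 decide each packet's next hop, as an added example that is not part of the original guide. It models first-match ACL evaluation in Python; the Squid address 10.10.10.5 and the sample packets are constructed assumptions standing in for SQUID-PROXY-IP and real traffic.

```python
SQUID = "10.10.10.5"  # assumed address standing in for SQUID-PROXY-IP
PORTS = {"www": 80}   # IOS port keyword used by the ACL
# ACL 111 from step 6 with the placeholder filled in
ACL_111 = f"""\
access-list 111 deny tcp any any neq www
access-list 111 deny tcp host {SQUID} any
access-list 111 permit tcp any any"""

def parse_acl(text):
    """Parse the subset of extended-ACL syntax used in step 6."""
    rules = []
    for line in text.splitlines():
        action, proto, *tok = line.split()[2:]  # drop "access-list 111"
        addrs = []
        for _ in range(2):  # source, then destination
            if tok[0] == "host":
                addrs.append(tok[1])
                tok = tok[2:]
            else:  # "any"
                addrs.append(None)
                tok = tok[1:]
        op, port = (tok[0], PORTS.get(tok[1]) or int(tok[1])) if tok else (None, None)
        rules.append((action, proto, addrs[0], addrs[1], op, port))
    return rules

def acl_permits(rules, p):
    """First matching ACE wins; no match falls to the implicit deny."""
    for action, proto, src, dst, op, port in rules:
        if proto != p["proto"] or (src and src != p["src"]) or (dst and dst != p["dst"]):
            continue
        if (op == "neq" and p["dport"] == port) or (op == "eq" and p["dport"] != port):
            continue
        return action == "permit"
    return False

def next_hop(rules, p):
    """route-map proxy-redirect: permit -> Squid, otherwise normal routing."""
    return SQUID if acl_permits(rules, p) else "routing-table"

def packet(src, dst, dport, proto="tcp"):
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}

RULES = parse_acl(ACL_111)
if __name__ == "__main__":
    # Constructed sample packets: client HTTP, client HTTPS, Squid's own fetch
    for p in (packet("10.10.10.20", "203.0.113.10", 80),
              packet("10.10.10.20", "203.0.113.10", 443),
              packet(SQUID, "203.0.113.10", 80)):
        print(p["src"], p["dport"], "->", next_hop(RULES, p))
```

Evaluating the same packets with the second ACL line removed sends Squid's own outbound port 80 requests back to Squid, which is the routing loop that line prevents.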
