mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-21 18:33:03 +00:00
Create wccp_and_pbr_to_wsa.md
parent
ad537984dd
commit
c4d55bf9e3
1 changed files with 60 additions and 0 deletions
60
SCOR/wccp_and_pbr_to_wsa.md
Normal file
|
@ -0,0 +1,60 @@
|
|||
# Configuring WCCP or Policy-Based Routing to Send Traffic to WSA
|
||||
|
||||
## Configuring WCCP on a Cisco Switch
|
||||
Let’s take a look on how to configure WCCP on a Cisco switch to redirect traffic to the Cisco Secure Web Appliance.
|
||||
|
||||
1. Configure an access control list (ACL) to match the web traffic.
|
||||
|
||||
```
|
||||
ip access-list extended WEB-TRAFFIC
|
||||
permit tcp 10.1.1.0 0.0.0.255 any eq www
|
||||
permit tcp 10.1.2.0 0.0.0.255 any eq www
|
||||
permit tcp 10.1.1.0 0.0.0.255 any eq 443
|
||||
permit tcp 10.1.2.0 0.0.0.255 any eq 443
|
||||
```
|
||||
|
||||
2. Configure another ACL to define where to send the traffic (that is, the Cisco Secure Web Appliance’s IP address).
|
||||
|
||||
```
|
||||
ip access-list standard WSA
|
||||
permit 10.1.3.3
|
||||
```
|
||||
|
||||
3. Create the WCCP lists.
|
||||
```
|
||||
ip wccp web-cache redirect-list HTTP-TRAFFIC group-list WSA
|
||||
ip wccp 10 redirect-list FTP-TRAFFIC group-list WSA
|
||||
ip wccp 20 redirect-list HTTPS-TRAFFIC group-list WSA
|
||||
```
|
||||
|
||||
4. Configure the WCCP redirection of traffic on the source interface.
|
||||
```
|
||||
interface vlan88
|
||||
ip wccp web-cache redirect in
|
||||
ip wccp 10 redirect in
|
||||
ip wccp 20 redirect in
|
||||
```
|
||||
|
||||
|
||||
|
||||
## Traffic Redirection with Policy-Based Routing
|
||||
You can also configure PBR on a Cisco router to redirect web traffic to the Cisco Secure Web Appliance.
|
||||
|
||||
Configuring PBR can affect the router’s performance if enabled in software (without hardware acceleration). You should review the respective router documentation to determine any impact.
|
||||
|
||||
- First, a PBR policy is configured in a Cisco router that matches traffic from two source subnets (10.1.1.0/24 and 10.1.1.2.0/24).
|
||||
- The web traffic is received on interface VLAN 88.
|
||||
- The traffic is sent to the Cisco Secure Web Appliance configured with IP address 10.1.2.3.
|
||||
|
||||
```
|
||||
access-list 101 permit tcp 10.1.1.0 0.0.0.255 any eq 80
|
||||
access-list 101 permit tcp 10.1.2.0 0.0.0.255 any eq 80
|
||||
access-list 101 permit tcp 10.1.1.0 0.0.0.255 any eq 443
|
||||
access-list 101 permit tcp 10.1.2.0 0.0.0.255 any eq 443
|
||||
!
|
||||
route-map WebRedirect permit 10
|
||||
match ip address 101
|
||||
set ip next-hop 10.1.3.3
|
||||
interface vlan88
|
||||
ip policy route-map WebRedirect
|
||||
```
|
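Review bot: In step 3 of the WCCP section, the `redirect-list` names HTTP-TRAFFIC, FTP-TRAFFIC and HTTPS-TRAFFIC are never defined anywhere in the file; step 1 creates only `WEB-TRAFFIC`, and nothing references it. Either define the three named ACLs (the file has no ACL that matches FTP at all) or point the `ip wccp ... redirect-list` lines at `WEB-TRAFFIC`, so the redirect scope is the one the reader was shown. In the PBR section the bullets also disagree with the configuration below them: the second subnet is written `10.1.1.2.0/24` where the ACL uses `10.1.2.0 0.0.0.255`, and the appliance address is given as 10.1.2.3 while `set ip next-hop 10.1.3.3` and the WCCP `WSA` ACL both use 10.1.3.3. Please correct the bullets so the prose and the config name the same subnet and the same appliance address.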