AAA, NAC, Guest Access & BYOD

Reply
Contributor II
alexsuoy
Posts: 59
Registered: ‎02-07-2013

Redirecting http traffic to a squid web cache

Hi,

I'm just wondering if it is possible to create a policy that'll allow us to redirec traffic for specifc urls to a squid proxy. We have two SSIDS configured here

 

1) Eduroam  - our production network for properly configured wireless clients, auth via 802.1x

 

2) UoY Setup - local open private address space SSID using dnsredirection to point users at a client network configuration utility that sets up theclient with appropriate credentials to connect to SSID eduroam. Basically client associates with an open network, dns redirector hands out a real IP addresses for local sites we want them to access and resolves everything else to a fixed IP address, which is the address associated with the configuration package.

 

Up till now this has worked just fine, except ...... in order for the package to configure an android device the client needs to download something from Google Play... which we can't do because its on a private network with no routable access to the outside world. 

 

I can set up a squid web cache that'll give clients on UoY setup access to the outside worls  but I need to get traffic from a client to the squid cache in the first place and android doesn't support auto detect proxy settings. We're trying to make this as independent of user input as possible.

 

Can I set up a user policy that says

 

"For http(s) traffic to this "<regular expression URL" , redirect traffic to our squid cache"

"for http(s) traffic to this <local url> pass traffic direct to the url

"for everything else redirect to <a specific IP address>"

 

Rgds

Alex

 

Aruba
clembo
Posts: 1,197
Registered: ‎04-13-2009

Re: Redirecting http traffic to a squid web cache

You have a couple of options to try here.

 

First, have you tried to Source NAT traffic to the Google Play sites using the src-nat action in the firewall?  Likewise, you can try and force http/https traffic to those sames sites to the squid server using the destination nat rules action; dst-nat.

------------------------------------------------
Systems Engineer, Northeast USA
Email: clembo@arubanetworks.com

Aruba
clembo
Posts: 1,197
Registered: ‎04-13-2009

Re: Redirecting http traffic to a squid web cache

more information:

 

ip name-server 8.8.8.8

ip domain-name company.com

ip domain lookup

 

netdestination google-play

name android.clients.google.com

 

user svc-http alias google-play src-nat

 

or 

 

user svc-http alias google-play dst-nat <squid ip> <dst port>

 

 

------------------------------------------------
Systems Engineer, Northeast USA
Email: clembo@arubanetworks.com

Search Airheads
Showing results for 
Search instead for 
Do you mean