Captive Portal with explicit proxy on client side


i want to implement Assessment at our site.
So everything works but there is just one problem with the web Redirection.
Our Clients have an explicit proxy configuration.
So i implemented Policy based Routing on our 7100 Series Router Switch.
This works perfectly for clients without an explicit proxy configured.

The problem:
A Client with explicit proxy configuration does not see the Remediation page. So tried to redirect the proxy request on port 3128 to the nac appliance but the squid on nac does not answer.
The packages are getting redirected to the nac (seen with TCPDUMP).
Then i implented a second proxy server (squid) and tried to redirect with PBR, but it also does not answer. It seems like that a proxy redirection with PBR is not possible?

Why does it not work with explicit proxy configuration? Maybe NAT is the solution because the source and destination fields in the ip header are the problem? But why does that work with http?

The only thing that works was DNS-Proxy but i don't want to change the client config.
Has anyone done a DNS-Redirection with PBR? Maybe thats a solution?


1 reply

Userlevel 4
Hello Ron,

Did you also ask this in a recent GATC case? Someone named "Ronny" with a 7100 switch in routing mode had the same exact question and he was able to get this to work with IP Tables on the NAC, albeit this is not officially supported. Other than the IP Tables, these questions: "It seems like that a proxy redirection with PBR is not possible?" and "Has anyone done a DNS-Redirection with PBR?" should probably got to the switching/routing group.

Scott Keene