This is a strange one. We are terminating an L2TP tunnel on our Cisco 7200 running IOS c7200-js-mz.123-13.bin. The tunnel is using a virtual template which has the proxy route map enabled on it.

The relevant Cisco config:

! 10.0.0.2 is the squid server, eth0:1
access-list 110 deny tcp host 10.0.0.2 any
access-list 110 permit tcp any any eq www
access-list 110 deny ip any any
!
route-map proxy-redirect permit 10
 match ip address 110
 ! next hop is the squid server, eth0:1
 set ip next-hop 10.0.0.2
!
interface Virtual-Template1
 description Tunnel Virtual Template
 ip unnumbered FastEthernet3/0
 ip mroute-cache
 ip policy route-map proxy-redirect
 no logging event link-status
 timeout absolute 4320 0
 peer default ip address pool IP-POOL
 no keepalive
 ppp authentication chap pap callin
 ppp multilink

The CentOS box is running iptables with the following rules for squid:

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

And it's a standard squid config.

Some users are able to browse web sites fine. However, a handful of users can't; they get "Web site found" in the IE status bar and blue progress lines, but the site fails. I can see the request for the site hit the squid access log.

Has anyone got a setup like this, and if so, am I doing it correctly?

Thanks
Tony