> > Ok. So here at the office we have a T1 line and a backup DSL line. > > Basically we have NO CONTROL over the policies passed to us over the T1 > line, which means we can't have proxies set at login automatically. > > What I would like to do is connect two outside interfaces, one for the DSL > and T1 and two inside interfaces, one for the internal network, and one > for > the Cisco PIX 506E were using for VPN traffic. > > However, everyone is configured to go through 'Proxy A' on the T1, so I > was > wondering if some transparent action could be taken so squid sends only > the > requests that need to go to the T1 (Citrix and some apps) and send the > rest > through the DSL but do this transparently? > > Also, with the Cisco PIX 506E we can't setup a VPN because the machines > can't 'route' back to the PIX because its a different gateway on a > different > internet connection. Basically the route would have to be to send the VPN > pool subnet requests back to the PIX and not the T1 router. > > Some of this may sound confusing and I apologize I find it hard to explain > problems when the AC breaks in the office. > > Thank you! > If you have a machine on or outside the DSL that can act as a peer for squid its simple. The areas to look at are based on cache_peer with various acl to control things based on app user-agent headers. Amos
