Best way to redirect traffic\Authorize etc.

Posted on 2009-04-28
Last Modified: 2013-12-06

I have a few 2-way satellite links using a VSAT connecting to the Internet through Cisco equipment.

I attached a simplified sketch of such a network (in real life this network has some 3 Cisco 2811 routers & 3 Cisco 2950 switches involved).

As you see in the sketch, the clients have real-world IPs & there's the VSAT internal network (10.0.x.x) between the VSAT & the Cisco. Also the way back to the VSAT is through another third network (the DVB network).

I'd like to add some Captive portal\Authentication\Authorization server so the clients behind the VSAT would have to log in before they proceed to the Internet.

What is the best way for me to go? Please try to be as specific as possible.

Thanks in advance
Question by:meirjean
    LVL 57

    Accepted Solution

    Does it matter where this "security" box resides?

    I personally would suggest you get a proxy server and locate it at the remote site.  The proxy server could do at least double duty, first force users to authenticate and second cache a lot of stuff to reduce the traffic on the VSAT link.  If you need to do site or content filtering, then it could also do that.

    I know that Squid is a free proxy server that does authentication.  You can also set up Squid (or most other proxy servers) so that they are transparent in-line.  Meaning that they are physically in-line in-between the users and the external router.  The advantage of in-line transparent proxying is that there is no configuration needed on the user's desktop.

    Author Comment


    What's going to prevent the client from bypassing the "security box" when it sits at his end?

    Thanks in advance,
    LVL 57

    Assisted Solution

    If you install the "security" box in-line they can't bypass it.  The setup would be:

    User <--> Switch <--> security-box <---> Internet router

    The security box would need two NICs and be able to act as a transparent bridge.
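
A squid.conf fragment for the authenticating, caching proxy suggested in this thread, added here as an example and not posted by any participant. It uses an explicit proxy port because Squid cannot perform proxy authentication on an intercepted (transparent) port, so login and zero client configuration do not combine in Squid alone. The helper path, password file, realm text, cache size and the 192.0.2.0/24 client range are assumptions or placeholders.

```conf
# Added example, not from the thread. Paths, realm and subnet are assumptions.

# Explicit (browser-configured) proxy port. Proxy authentication only works
# here: on a port marked "intercept" the browser does not know it is talking
# to a proxy and will not answer a 407 challenge.
http_port 3128

# Basic authentication against an htpasswd-style file.
# Helper name and path vary by distribution and Squid version (assumption).
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm VSAT remote site proxy
auth_param basic credentialsttl 2 hours

# Clients at the remote site; 192.0.2.0/24 is a placeholder range.
acl site_clients src 192.0.2.0/24
acl authenticated proxy_auth REQUIRED

# Only known client addresses that have logged in may use the proxy.
http_access deny !site_clients
http_access allow authenticated
http_access deny all

# Disk cache to cut repeat traffic over the satellite link (size in MB).
cache_dir ufs /var/spool/squid 10000 16 256
```

Basic authentication sends credentials base64-encoded, not encrypted, between client and proxy, so keep that segment on the local switch. For the proxy to be the only way out, the upstream router should accept web traffic from the proxy's address only.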
