Cisco Nexus 9000 Series Configuration Manual page 57

Configuring ITD
Figure 10: Web-Proxy Deployment Mode
In this example, destination port 80/443 (ingress VLAN 10) to the Internet will be distributed to web-proxy
servers 10.1.50.1 and 10.1.50.2. Traffic on VLAN 10 destined to private networks (10.0.0.0/8, 192.168.0.0/16,
172.16.0.0/12) will not be sent to the proxy.
Step 0: Configure an access-list
ip access-list ACL1
10 permit ip any any tcp 80
20 permit ip any any tcp 443
Step 1: Configure the ITD device group web-proxy servers and point to the server IP addresses.
itd device-group Web_Proxy_Servers
probe icmp
node ip 10.1.50.1
node ip 10.1.50.2
Step 2: Configure an exclude ACL to exclude all traffic destined to private IP addresses.
ip access-list itd_exclude_ACL
10 permit ip any 10.0.0.0/8
20 permit ip any 192.168.0.0/16
30 permit ip any 172.16.0.0/12
Step 3: Apply the exclude ACL.
Itd Web_proxy_SERVICE
device-group Web_Proxy_Servers
exclude access-list itd_exclude_ACL
access-list ACL1
ingress interface Vlan 10
failaction node reassign
load-balance method src ip
no shutdown
If return traffic redirection is also required for any reason, the following additional configuration steps are
needed.
Configuration Example: ITD as WCCP Replacement (Web-Proxy Deployment Mode)
Cisco Nexus 9000 Series NX-OS Intelligent Traffic Director Configuration Guide, Release 9.x
49