harazy
asked on
Select which Route/Gateway to use
My LAN uses local 192.x.x.x IP addresses. I have 2 different connections/gateways for the people inside the LAN to access the internet.
Connection   Outside IP     Gateway
A            219.93.A.B     219.93.C.D
B            202.185.W.X    202.185.Y.Z
Is there any way that I can configure the network so that which gateway is used depends on the site/address on the Internet that someone inside the LAN wants to access?
Thanks
ASKER
Thanks scampgb,
Actually, we (my company) have subscribed to online journals that allow access by looking at the IP address of incoming connections at their site.
Currently we use connection B (ref. above) for all outgoing connections, so there is no problem accessing those journals. This is a fixed/direct line with 5 available static public IP addresses.
Now we have an additional ADSL connection that provides better connection speed and could solve other problems we have here. Our ISP provides only 1 static public IP address with this connection. I would like to configure our network to use this line for all outgoing connections except for accessing those journals.
External Network Connection: (let's say)
Connection A (ADSL)
Gateway: 219.93.A.89
IP address: 219.93.A.90
Subnet: 255.255.255.252
Connection B (Fixed)
Gateway: 202.185.B.100
IP addresses: 202.185.B.101 - 202.185.B.105
Subnet: 255.255.255.128
Internal Network Connection:
IP addresses: 192.168.0.x (255.255.255.0)
For the IP translation, we have a Cisco PIX501 firewall (2 interfaces: outside - 202.185.B.101, inside - 192.168.0.1)
Please advise if we need to purchase additional hardware.
Thanks again.
ASKER
To make it simple,
what I want to do is,
I am able to access for example www.yahoo.com using Connection/Gateway A -and-
access www.google.com using Connection/Gateway B
Is that possible?
Yes I agree. You can alter the individual PC routing tables, but this would not be the way to go as far as I'm concerned. You should alter the routing tables of 1 of the gateway/routers.
Makes a bit more sense now :-)
Which device do you have configured as your PC's/server's default gateway?
That's the device that you should put the routes on.
This assumes that you know the IPs of your journals' websites.
I'm not sure if this one will work, but it seemed sensible to me.
Configure every machine inside to use the Cisco PIX as the gateway.
Enter a separate route for every separate journal's web site on the PIX, with a next hop which is the internal IP address of the ADSL modem (if any).
If the modem is connected directly to a server, then this server must be configured as a router, so the next hop address for the routes on the PIX should be this server's internal IP address.
That should solve your problem.
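The per-destination routing discussed in this thread, modelled as an added example (not code from any poster): a longest-prefix-match table with a default route via Connection A and a more-specific route for the journal address 212.111.212.111 via Connection B, following the asker's stated goal. The gateway and NAT addresses are constructed stand-ins for the thread's masked ones, and every function name is hypothetical.

```python
import ipaddress
from typing import NamedTuple


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    next_hop: str    # gateway the packet is handed to
    nat_source: str  # public address the remote site sees after NAT
    label: str


# Constructed stand-ins (documentation ranges) for the masked addresses.
GW_A = ("203.0.113.89", "203.0.113.90", "A (ADSL)")
GW_B = ("198.51.100.100", "198.51.100.101", "B (fixed)")


def build_table(journal_prefixes):
    """Default route via A, plus one more-specific route per journal via B."""
    table = [Route(ipaddress.ip_network("0.0.0.0/0"), *GW_A)]
    for prefix in journal_prefixes:
        table.append(Route(ipaddress.ip_network(prefix), *GW_B))
    return table


def select_route(table, destination):
    """Longest-prefix match: the most specific route containing the address."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in table if dst in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen)


def audit(table, journal_hosts, allowlisted_source):
    """Journal hosts that would be reached from a source address the
    journal provider does not have on file (missing or wrong route)."""
    return [
        host for host in journal_hosts
        if select_route(table, host).nat_source != allowlisted_source
    ]


if __name__ == "__main__":
    table = build_table(["212.111.212.111/32"])
    # 212.111.212.112 is a constructed second journal host with no route.
    for dst in ("212.111.212.111", "212.111.212.112", "8.8.8.8"):
        r = select_route(table, dst)
        print(f"{dst:16} via {r.label:9} next hop {r.next_hop} seen as {r.nat_source}")
    print("not allowlisted:", audit(table, ["212.111.212.111", "212.111.212.112"], GW_B[1]))
```

The audit result shows why the approach depends on knowing every journal address: a journal host without its own route leaves through the default connection and arrives from an address the provider does not recognise.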
ASKER
My default gateway for all the PCs/servers inside the LAN is the PIX firewall.
Should I put all the routing information on the PIX?
Would you provide a configuration example for the PIX?
Thank you guys.
ASKER
My current configuration is like this:
                      inside            outside
                    192.168.0.1      202.185.B.101
+------------------+     +-----------------+     +---------------+     +-----------
|  Local network   +-----+  PIX Firewall   +-----+   Gateway B   +-----+  Internet
|   192.168.0.x    |     |                 |     |               |     |
+------------------+     +-----------------+     +---------------+     +-----------
                                                   202.185.B.100
Can I change it to something like this?
                                                                +-------------+   +-----------
                                                                |  Gateway A  |   |
                                                       +--------+   (ADSL)    +---+
                      inside            outside        |        +-------------+   |
                    192.168.0.1            ?           |          219.93.A.89     |
+------------------+     +-----------------+     +-----+-----+                    |
|  Local network   +-----+  PIX Firewall   +-----+  Switch   |                    |  Internet
|   192.168.0.x    |     |                 |     |           |                    |
+------------------+     +-----------------+     +-----+-----+                    |
      default              routing table?              |                          |
      gateway                                          |        +-------------+   |
    192.168.0.1                                        +--------+  Gateway B  +---+
  (PIX firewall)                                                |             |   |
                                                                +-------------+   |
                                                                 202.185.B.100    |
                                                                                  +----------------
The questions are: which IP should I use for the firewall outside interface?
Let's say one of the journals' IP addresses is 212.111.212.111; how am I going to configure it on the PIX?
ASKER
One more question..
Can I use the 202.185.B.x public IP address for the outside PIX firewall interface and choose the ADSL modem (219.93.A.89) as the next hop gateway after the default gateway (PIX firewall)?
That way, I could still access the journals, have our connection speed improve, not have to use Gateway B & not need to configure the routing tables.
Are there any other problems?
Your diagram above looks like the ideal approach. However, it is dependent on the PIX firewall being able to have two "external" addresses and understanding how to route them.
I've looked at the datasheet for the PIX 501 - http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b18.html - and I don't think it's able to do this.
I could be wrong though - I've never tried it :-)
I know it seems obvious, but can't you just tell the Journals provider(s) that you've changed your IP address? It'll be a perfectly routine thing for them, and save you a load of work!
ASKER
scampgb, you're correct, the PIX501 doesn't have more than 1 outside interface.
Let's just say that I can't tell the journals provider to change the IP address.
If I change the firewall to one that can be assigned more than 1 outside interface, would you provide the configuration for it, i.e. routing table, NAT configuration?
Do you have a specific model in mind? A firewall/router that can be configured the way you said?
thanks a lot
Glad I could help :-)
Yes, you are able to do what you want - you will need to configure routing tables on the PCs or on the routers themselves.
You've listed the outside IPs, but the routers will also need to have an IP on the Internal network.
So that I can advise you better, can you please let me know what you want to achieve by doing this?
It would also really help if you could let us know the make & model of the routers, and the type of Internet connections