Solved

Routing and Switching: VLAN & Traffic Shaping.

Posted on 2006-07-08
4
1,510 Views
Last Modified: 2013-11-16
Hi All,

Hope this mail finds you all in good health and high spirits.

Comming to my query.


I have in my network:


Internet Router - Serial going to Leased Line.
E1 connecting to the Pix 515 3FE
E2 connecting to ADSL 1
E3 Connecting to ADSL 2
E4 Connecting to ADSL 3


Ethernet from Router E1 Connects to Pix Outside.


Pix Inside Connects to Proxy ISA Server.


Proxy ISA Server connects to CAT 4500 Switch with VLAN 10, VLAN 20, VLAN 30, VLAN 40, VLAN 50.



Requirement:


All internet WWW/FTP traffice to go through ADSL Lines.

VLAN 10 to go through ADSL 1
VLAN 20 to go through ADSL 2
VLAN 30,40,50 to go through ADSL 3.



Does the network design sound workable. If so any supporting docs for refrence.


Please feel free to email for further queries.


Rgds.

TA

0
Comment
Question by:tsdelvi
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Frabble
ID: 17064567
Assuming it's a Cisco router, then you'll use Policy-based routing.

http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml

You would create a policy and apply it to E1. The policy matches the source address with a whichever network and forwards to the required next hop gateway for ADSL 1, 2 or 3

0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17064785
For sure this can be done using PBR but you have to understand the fact that, if you do the NAT on the PIX then, the router won't know or can't differentiate between these. So natting has to be done at the router in this case and only then you can divert traffic based on the subnet. What this tells is, if you want to terminate a vpn tunnel on the PIX then it wouldn't be possible.

Cheers,
Rajesh
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 50 total points
ID: 17064887
It is absolutely not workable.
Since only the T1 connects to the router the PIX would then have to make all the advanced routing decisions and it simply does not "do" PBR. The PIX can only have one default route and, for example, to send all www->any traffic to DSL 1 means DSL1 must be the default gateway, else the destination IP is all that matters and if that IP does not have a specified route out a specific interface then there is no choice but to toss it out to the default.

If they all connected to the router, then the router can make those types of policy based decisions and have multiple next-hops for specified traffic. Just not the PIX.

If they did all connect to the router, and you let the PIX do the NAT, then you can only nat to the public IP of your primary line and the router would have to double-nat all other traffic depending on what interface it goes out. It is easy enough to create separate nat/globals for each internal vlan so that your router knows which vlan generates the traffic that it needs to make routing decisions on.
0
 
LVL 15

Expert Comment

by:Frabble
ID: 17064959
> if you do the NAT on the PIX then, the router won't know or can't differentiate between these.

If you NAT on the PIX then source NAT to a different address based on the internal network. Apply PBR as mentioned. Source NAT again on router if required.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Unable to RDP to windows 10 pro machine 15 74
networking details on centos 6.6 4 50
NAS with google authentication 6 60
Valid LIN protocol Protected ID values 1 20
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now