?
Solved

Routing and Switching: VLAN & Traffic Shaping.

Posted on 2006-07-08
4
Medium Priority
?
1,566 Views
Last Modified: 2013-11-16
Hi All,

Hope this mail finds you all in good health and high spirits.

Comming to my query.


I have in my network:


Internet Router - Serial going to Leased Line.
E1 connecting to the Pix 515 3FE
E2 connecting to ADSL 1
E3 Connecting to ADSL 2
E4 Connecting to ADSL 3


Ethernet from Router E1 Connects to Pix Outside.


Pix Inside Connects to Proxy ISA Server.


Proxy ISA Server connects to CAT 4500 Switch with VLAN 10, VLAN 20, VLAN 30, VLAN 40, VLAN 50.



Requirement:


All internet WWW/FTP traffice to go through ADSL Lines.

VLAN 10 to go through ADSL 1
VLAN 20 to go through ADSL 2
VLAN 30,40,50 to go through ADSL 3.



Does the network design sound workable. If so any supporting docs for refrence.


Please feel free to email for further queries.


Rgds.

TA

0
Comment
Question by:tsdelvi
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Frabble
ID: 17064567
Assuming it's a Cisco router, then you'll use Policy-based routing.

http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml

You would create a policy and apply it to E1. The policy matches the source address with a whichever network and forwards to the required next hop gateway for ADSL 1, 2 or 3

0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17064785
For sure this can be done using PBR but you have to understand the fact that, if you do the NAT on the PIX then, the router won't know or can't differentiate between these. So natting has to be done at the router in this case and only then you can divert traffic based on the subnet. What this tells is, if you want to terminate a vpn tunnel on the PIX then it wouldn't be possible.

Cheers,
Rajesh
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 150 total points
ID: 17064887
It is absolutely not workable.
Since only the T1 connects to the router the PIX would then have to make all the advanced routing decisions and it simply does not "do" PBR. The PIX can only have one default route and, for example, to send all www->any traffic to DSL 1 means DSL1 must be the default gateway, else the destination IP is all that matters and if that IP does not have a specified route out a specific interface then there is no choice but to toss it out to the default.

If they all connected to the router, then the router can make those types of policy based decisions and have multiple next-hops for specified traffic. Just not the PIX.

If they did all connect to the router, and you let the PIX do the NAT, then you can only nat to the public IP of your primary line and the router would have to double-nat all other traffic depending on what interface it goes out. It is easy enough to create separate nat/globals for each internal vlan so that your router knows which vlan generates the traffic that it needs to make routing decisions on.
0
 
LVL 15

Expert Comment

by:Frabble
ID: 17064959
> if you do the NAT on the PIX then, the router won't know or can't differentiate between these.

If you NAT on the PIX then source NAT to a different address based on the internal network. Apply PBR as mentioned. Source NAT again on router if required.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we’ll look at how to deploy ProxySQL.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question