ManojGTG
asked on
Spliting the bandwidth and the Users
Dear Sir,
We are using 1MB bandwidth for our internet browsing and application. Internet comming from the ISP router which is entering through Cisco Pix Firewall 515E, where we are nating the our private ip of the ISA server (i.e, 192.168.1.13) to the real ip.
We have 3 type sof user groups are defined :
Group 1. Accessing the internet directly through PIX firewall by nating (ie., is without going through ISA Server)
Grooup 2. Accessing the internet with full access of download and going through the ISA Server
Group 3. Accessing the internet without download and going throug the ISA Sever (Users are more in this group)
Now, what we want is to split the 1MB into two i.e, 772 KB (Bandwidth1), which is default) and 252 KB (Bandwidth2), which can be done in the ISP router.
Now we want to send the some of the users of Group 3 from ISA Server to the Bandwidth2 for their internet activity.
User are in 8 dffient network, separted by DSL Data Routers and Cisco Switch 3750. Ip address in different locations are 192.168.1.0 (Main location), 192.168.3.0, 192.168.10.0, 192.168.11.0 etc.
Can anyone tell me to solve this issue
Regards,
Manoj Mathew
We are using 1MB bandwidth for our internet browsing and application. Internet comming from the ISP router which is entering through Cisco Pix Firewall 515E, where we are nating the our private ip of the ISA server (i.e, 192.168.1.13) to the real ip.
We have 3 type sof user groups are defined :
Group 1. Accessing the internet directly through PIX firewall by nating (ie., is without going through ISA Server)
Grooup 2. Accessing the internet with full access of download and going through the ISA Server
Group 3. Accessing the internet without download and going throug the ISA Sever (Users are more in this group)
Now, what we want is to split the 1MB into two i.e, 772 KB (Bandwidth1), which is default) and 252 KB (Bandwidth2), which can be done in the ISP router.
Now we want to send the some of the users of Group 3 from ISA Server to the Bandwidth2 for their internet activity.
User are in 8 dffient network, separted by DSL Data Routers and Cisco Switch 3750. Ip address in different locations are 192.168.1.0 (Main location), 192.168.3.0, 192.168.10.0, 192.168.11.0 etc.
Can anyone tell me to solve this issue
Regards,
Manoj Mathew
Nyah247
Is there a specific reason to allow people to bypass ISA? I wouldn't but of course I don't operate in your environment. I don't know of any way to split bandwidth. For that you are looking at a packet shaping device or a third-party software like Bandwidth Splitter. I do not have experience with Bandwidth Splitter but I do have a Exinda packet shaper I really like.
ASKER
Hi Nyah247 and others,
Thank you very much for your replay and also for some enquiry.
Q) I wouldn't but of course I don't operate in your environment.
Baisc mode of internet secuirty is hardware based eg. PIX Firewall. Therefore, in our environment very high level users, which are few and needs all types of internet acitivities and application access and cannot afford a minutes of down time. These users are configured in this manner. In such case use of ISA dononot come in and ISA is software based and can be hung or Windows OS itself can be corrupted.
Q) I don't know of any way to split bandwidth
There are users who needs intenet connection at all times and their internet activites are important but vey very rarely. These users are surfing the internet most of the time and killing the bandwith. Therefore, such user's traffic can be sent to low bandwith connection, where they will not hurt internet NEEDED users.
What I think is, if we can add another NIC card in the ISA server and route all these users to new NIC ip (say 192.168.1.15) and then send these traffic o the splited network (lower bandwith) in the ISP Router after doing nating in our PIX firewall.
i.e., In the ISA Sever traffic comming from
192.168.1.105 (user ip) --------> 192.168.1.15 (Second IP of the ISA Sever)
In the PIX Firewall do the natting
192.168.1.15 --------> Real IP of the ISP
Will this work and if yes, can anyone give example, please
Regards,
Manoj Mathew
Kuwait
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.