router behind firewall
Posted on 2008-10-08
I have wanted to figure out which users were the bandwidth hogs for a while.
Doing some research I found that using NTop and NetFlow would be one of the better solutions, but that this is not possible with a PIX/ASA Firewall. Additionally there isn't any way to get this information with the PIX/ASA by itself.
So here we are, I have an extra Cisco 3700 Series router sitting around and was thinking about setting it up between my LAN and my Firewall, but wasn't sure how to proceed.
I mean, I know how to route from subnet to subnet, but I figured that would break the firewall NATs in place, etc.
Can someone please outline how to configure my setup to get "by user" bandwidth utilization/access and maintain granular access control on a per-IP basis using my hardware?
P.S. If there is a way to do it without the router, I'd love to hear about it also!