YOlanie_Visser asked:

Cisco 3945 router: lease line/ADSL mix-up

Hi guys,

I'm having a problem at a client...

It's very complicated to explain the full environment, but the basic problem I am having is this:

We just installed a TMG server, but before the TMG install the router saw all traffic from the Exchange server's IP address as traffic for the lease line and the rest would be for ADSL.

Now, after the TMG install, all the traffic is coming from one IP address (the TMG external NIC),
so now the router doesn't know what to do with the traffic (to send it on lease line or ADSL).
Is there a way or rule on the router (Cisco 3945 router) so that all HTTP/HTTPS traffic uses the ADSL and all SMTP traffic uses the lease line?

Thanks for the help.
akhilw:

I am still not sure about the scenario, but it seems what you need is PBR.

http://www.petri.co.il/how-to-use-cisco-ios-policy-based-routing-features.htm
You can try doing policy-based routing and specify protocol in the ACL, but I've never configured it that way so I can't guarantee there isn't some performance-based reason not to do that.  Here's a sample that might help to get you started:

! ACL 101: web traffic (HTTP and HTTPS)
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any eq 443

! ACL 102: mail traffic (SMTP)
access-list 102 permit tcp any any eq 25

route-map WEB permit 10
 match ip address 101
 set interface <ADSL>

route-map MAIL permit 10
 match ip address 102
 set interface <LEASE>

! ip policy route-map applies to packets received on the interface
interface <ADSL>
 ip policy route-map WEB

interface <LEASE>
 ip policy route-map MAIL
Wissam:

Policy-based routing as explained above is the solution for you.
Of course, you can manipulate the access lists and use them on the incoming interface to affect outbound traffic from your router; the config above is for the inbound traffic.
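
The placement Wissam describes, as an added example that is not part of the original thread: a single route-map applied on the router interface that receives the TMG traffic, matching on destination port so that one source address can still be split between the two links. All addresses (RFC 5737 documentation ranges), interface names, ACL names and route-map names are constructed assumptions, and the sketch assumes any NAT toward each provider is already configured on the outside interfaces.

```cisco
! Constructed values, replace with the real ones:
!   192.0.2.10          TMG external NIC (assumed)
!   198.51.100.1        next hop on the ADSL side (assumed)
!   203.0.113.1         next hop on the lease line side (assumed)
!   GigabitEthernet0/0  router interface facing the TMG server (assumed)
!
! Match on source = TMG and on TCP destination port, so the single
! TMG address can still be classified per protocol.
ip access-list extended TMG-WEB
 permit tcp host 192.0.2.10 any eq 80
 permit tcp host 192.0.2.10 any eq 443
!
ip access-list extended TMG-MAIL
 permit tcp host 192.0.2.10 any eq 25
!
! One route-map with two sequences: an interface accepts only one
! "ip policy route-map", so both classes must live in the same map.
route-map TMG-SPLIT permit 10
 match ip address TMG-WEB
 set ip next-hop 198.51.100.1
!
route-map TMG-SPLIT permit 20
 match ip address TMG-MAIL
 set ip next-hop 203.0.113.1
!
! Packets that match neither sequence are forwarded by the normal
! routing table.
!
! Apply on the interface where TMG traffic ENTERS the router, not on
! the ADSL or lease line interfaces.
interface GigabitEthernet0/0
 ip policy route-map TMG-SPLIT
!
! Verification from exec mode:
!   show ip policy             (interface to route-map binding)
!   show route-map TMG-SPLIT   (policy routing match counters per sequence)
```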

YOlanie_Visser (ASKER):

Yeah, the only problem with this is that it's based on destination IP.
Before TMG the rules stated that everything coming from the Exchange server's IP address will go out the lease line.

But now all the traffic is coming out the external interface of the TMG, so the router is only seeing one IP address, so it's hard to split the types of traffic.

This is the reason I need to split HTTP/HTTPS and SMTP traffic.

But I have found that only layer 7 appliances are able to do this...
 
ASKER CERTIFIED SOLUTION
akhilw:

This solution is only available to members.
Had to add an extra NIC on the TMG server: one for internal, one for web publishing and one for internet.