N5EMX asked:

Supernet routing

NetworkA 10.10.0.0 /16
RouterA  10.10.20.1

NetworkB 10.10.98.0 /16
RouterB  10.10.20.10

I need to have all PCs on NetworkB to go to a default gateway at 10.10.20.10 while NetworkA uses the gateway of 10.10.20.1.  RouterB will pass all traffic from NetworkB to NetworkA’s router at 10.10.20.1.

I’m doing this so that I can use DHCP to ‘tag’ user computers that I want to filter/monitor internet activity on.  Most users are assigned an IP like 10.10.99.1, while those suspected of abusing Internet privileges will get an IP addr like 10.10.98.1.  The main router at 10.10.20.1 handles mapping our internal IPs to the proxy server and the router at 10.10.20.10 will simply add an extra step so that I can monitor traffic on that super-net.  I will use DHCP reservations to assign the 10.10.98.x addresses and change the default gateway from 10.10.20.1 to 10.10.20.10.

Is this scenario doable and can anyone point me in the right direction?
The router I have available is Cisco's ASA 5505.  

N5EMX
ArneLovius

Perhaps a diagram would be useful to illustrate how these networks work together sharing a /16 across two networks.
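
The shared /16 raised in the reply above, worked through as an added example that is not part of the thread: with the masks given in the question, 10.10.0.0/16 and 10.10.98.0/16 are the same prefix, so changing only the DHCP default gateway sends a tagged PC's off-net traffic through RouterB while LAN traffic and RouterA's replies stay direct. The destination 203.0.113.80 is a constructed sample address, and every device is assumed to use the /16 mask from the question.

```python
import ipaddress

# Addressing from the question; the /16 masks are the asker's.
NET_A = ipaddress.ip_network("10.10.0.0/16")
NET_B = ipaddress.ip_network("10.10.98.0/16", strict=False)  # host bits set
ROUTER_A = ipaddress.ip_interface("10.10.20.1/16")
ROUTER_B = ipaddress.ip_interface("10.10.20.10/16")
MONITORED = ipaddress.ip_interface("10.10.98.1/16")  # DHCP reservation
NORMAL = ipaddress.ip_interface("10.10.99.1/16")
INTERNET = ipaddress.ip_address("203.0.113.80")  # constructed sample address


def next_hop(sender, gateway, dst):
    """Next hop chosen by `sender`: the destination itself when it lies
    inside the sender's own prefix (on-link), otherwise the gateway."""
    dst = ipaddress.ip_address(dst)
    return dst if dst in sender.network else gateway


def outbound_path(host, gateway, dst):
    """Devices a packet from `host` to `dst` is handed to, in order.
    Assumes RouterB forwards everything to RouterA, as the question states."""
    hops = []
    hop = next_hop(host, gateway, dst)
    if hop == ROUTER_B.ip:
        hops.append("RouterB")
        hop = ROUTER_A.ip
    hops.append("RouterA" if hop == ROUTER_A.ip else str(hop))
    return hops


def reply_bypasses_router_b(host):
    """True when RouterA sees `host` as on-link and so delivers replies
    straight to it instead of back through RouterB."""
    return host.ip in ROUTER_A.network


if __name__ == "__main__":
    print("same prefix:", NET_A == NET_B)
    print("tagged PC -> Internet:", outbound_path(MONITORED, ROUTER_B.ip, INTERNET))
    print("normal PC -> Internet:", outbound_path(NORMAL, ROUTER_A.ip, INTERNET))
    print("tagged PC -> LAN peer:", outbound_path(MONITORED, ROUTER_B.ip, NORMAL.ip))
    print("reply skips RouterB:", reply_bypasses_router_b(MONITORED))
```

A device at 10.10.20.10 therefore sees only the outbound half of a tagged PC's Internet flows unless the tagged range is moved to its own prefix or RouterB translates the source address.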

ASKER CERTIFIED SOLUTION
ArneLovius
This solution is only available to members.
N5EMX

ASKER

The problem I'm running into is that I cannot make any changes to the default gateway.  My corporate IT personnel own that box and I can only change what is behind that box.  The idea of using some device to segregate a subset of our network so it can be filtered before it gets to the default router is my issue.  The filter box works by sending a block page to the user, but the default gateway is blocking the block page.  I essentially need to add the filter box in the middle between the subset of private IP addresses and the default gateway that routes out to our single public IP.  

The traffic monitor/filter is a win2008 server and I'm not familiar with routing using this OS.  The last time I tried I only managed to get the server to compete with the default gateway and the network traffic ground to a halt.  I only want to add this additional step to the 10.10.98.x IP range; the rest of the network works fine and I will force a DHCP renewal on the computers that will be monitored.

This doesn't make any sense to me.   You say you have two networks (A & B) yet your diagram shows you have SIX networks (counting the Internet section).

 User generated image
You only need one Router and there is no point in a "Traffic Monitor/Filter" machine when you already have a Proxy server that already does all of that.

Do this:
 User generated image
Do your monitoring/blocking/whatever by using the proxy for that... that is what proxies do.
N5EMX

ASKER

Our proxy doesn't give us the granularity of denial that we need.  UserSetA only needs to look at WebPageSetA and UserSetB to look at WebPageSetB.  We are trying to deploy Websense WebFilter so that we can have a white list per user, but our configuration is not allowing the filtering server to send its block page to prevent users from surfing outside of their range.
N5EMX

ASKER

Good suggestions, but no concrete solution to my original question.  Will seek a consultant that can come onsite to assess my needs and show me how to approach this.
I could probably do more, but I just don't know enough about Websense specifically as a product.