Solved

Different Gateways for Data and Internet Traffic (web proxy)

Posted on 2013-01-08
15
876 Views
Last Modified: 2013-01-18
Hi,

i would like to change data and Internet traffic by adding different gateways.

current network setup:

- internet is connected to firewall outside interface (122.133.121.120)

- firewall Inside interface (192.168.10.254 ) is connect to L3 (HP Procurve) swithch (192.168.10.1 ) and (192.168.20.1 - LAN)

- we have vlans configured on L3 switch and L3 switch is acting as Gateway for LAN machines.

- firewall LAN interface (192.168.10.1) is acting as GW for L3 switch.

* All data (vpn also) and internet traffic is passing through L3 and then Firewall at this moment.

- I configured Proxy server using TMG. ( TMG lan interface is having 192.168.20.2 without Gateway and WAN interface is having Public IP address.

i like to add routes as below:

1) All IP/Data traffic ( or ) traffic coming from 192.168.20.0 should pass through 192.168.20.1.

2) remaining all traffic (internet ) should pass through Proxy Server (TMG).



we are using HP Procurve 2910al switch.

much appreciate if any body help me to setup.

many thanks.
0
Comment
Question by:hellosoft
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 4
15 Comments
 
LVL 14

Expert Comment

by:setasoujiro
ID: 38754798
I think you just need to apply a proxy to all the clients (either by gpo or manually)
and point that to the TMG.
0
 

Author Comment

by:hellosoft
ID: 38754820
Thanks for quick response,

but, what about websites running between VPN's . can we still access those sites,if i use GPO for poxy.
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 38754842
Yes , but it would probably require some routes/adjustments on the TMG/proxy
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:hellosoft
ID: 38754872
i think it would be easy, if we route traffic on L3 switch right.
no need to make changes in GPO and we leave by configuring Transparent Proxy.

Thanks,
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38755391
You should be able to set the default route to 192.168.20.2 (the TMG proxy) and then setup routes for all other subnets pointing to 192.168.20.1.

This assumes that the TMG box is configured so that it will act as a transparent proxy and a router/GW at the same time.
0
 

Author Comment

by:hellosoft
ID: 38755416
Thanks for response,

i got it. but,

i used the following commands

- ip route 192.168.0.0 255.255.255.0 192.168.20.1 ( for data and internal websites)

- ip route 0.0.0.0 0.0.0.0 192.168.20.2 ( for internet )

these commands didn't worked for me.


can you tell me commands or any example commands for my setup.

Thanks
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 38755464
What do you mean by didn't work?
did you get an error or something?
0
 
LVL 57

Accepted Solution

by:
giltjr earned 250 total points
ID: 38755497
I re-read your question.

First please do answer setasoujiro's questions.

Second, you posted these two requirments:


1) All IP/Data traffic ( or ) traffic coming from 192.168.20.0 should pass through 192.168.20.1.

2) remaining all traffic (internet ) should pass through Proxy Server (TMG).

What do you mean by "IP/Data" and "Internet"?  "Internet" is not a type of traffic, the type of traffic on the Internet is "IP" and typically carriers data.

Routing tables send things based on the IP address of the destination, not based on the type of traffic and the destination.
0
 

Author Comment

by:hellosoft
ID: 38755498
sorry,

Data traffic is ok.
but,
unable to access local sites (inter-company) and internet is also not working.
0
 
LVL 14

Assisted Solution

by:setasoujiro
setasoujiro earned 250 total points
ID: 38755513
the other sites connected over vpn... shouldn't they be included in your routes?
It seems to me they are included in the 0.0.0.0 and that won't work.
0
 

Author Comment

by:hellosoft
ID: 38755516
check the all reply messages.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38755527
Are there other IP subnets on your internal network?

If so, then you need static routes defined pointing to the the correct router/GW.  192.168.20.1?
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 38755531
If data traffic is working through .2, then this would be fine.
but as i said you would need to add the other sites as well in the routing table. Otherwise it will go to the TMG.

And for the "internet", are you sure the correct route is followed? do a traceroute and see what happens?
0
 

Author Closing Comment

by:hellosoft
ID: 38792541
resolved issue my self.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38793078
Could you share with us how you resolved it.  That way others that need to do the same thing may benefit from your solution.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question