hellosoft
asked on
Different Gateways for Data and Internet Traffic (web proxy)
Hi,
I would like to change data and Internet traffic by adding different gateways.
Current network setup:
- Internet is connected to the firewall outside interface (122.133.121.120)
- Firewall inside interface (192.168.10.254) is connected to the L3 (HP ProCurve) switch (192.168.10.1) and (192.168.20.1 - LAN)
- We have VLANs configured on the L3 switch and the L3 switch is acting as gateway for LAN machines.
- Firewall LAN interface (192.168.10.1) is acting as GW for the L3 switch.
* All data (VPN also) and Internet traffic is passing through L3 and then the firewall at this moment.
- I configured a proxy server using TMG. (The TMG LAN interface has 192.168.20.2 without a gateway and the WAN interface has a public IP address.)
I would like to add routes as below:
1) All IP/data traffic (or) traffic coming from 192.168.20.0 should pass through 192.168.20.1.
2) All remaining traffic (Internet) should pass through the proxy server (TMG).
We are using an HP ProCurve 2910al switch.
I would much appreciate it if anybody could help me set this up.
Many thanks.
ASKER
Thanks for the quick response,
but what about websites running between VPNs? Can we still access those sites if I use GPO for the proxy?
Yes, but it would probably require some routes/adjustments on the TMG/proxy.
ASKER
I think it would be easy if we route traffic on the L3 switch, right?
No need to make changes in GPO, and we leave it by configuring Transparent Proxy.
Thanks,
You should be able to set the default route to 192.168.20.2 (the TMG proxy) and then set up routes for all other subnets pointing to 192.168.20.1.
This assumes that the TMG box is configured so that it will act as a transparent proxy and a router/GW at the same time.
ASKER
Thanks for the response,
I got it, but
I used the following commands:
- ip route 192.168.0.0 255.255.255.0 192.168.20.1 (for data and internal websites)
- ip route 0.0.0.0 0.0.0.0 192.168.20.2 (for internet)
These commands didn't work for me.
Can you tell me the commands, or any example commands, for my setup?
Thanks
What do you mean by didn't work?
Did you get an error or something?
ASKER
Sorry,
data traffic is OK,
but
I am unable to access local sites (inter-company) and the internet is also not working.
ASKER
Check all the reply messages.
Are there other IP subnets on your internal network?
If so, then you need static routes defined pointing to the correct router/GW. 192.168.20.1?
If data traffic is working through .2, then this would be fine.
But as I said, you would need to add the other sites as well in the routing table. Otherwise it will go to the TMG.
And for the "internet", are you sure the correct route is followed? Do a traceroute and see what happens.
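The point in the reply above, that an internal subnet without its own static route follows the default route to the TMG, can be checked with a small longest-prefix-match lookup. This is an added example, not part of the original thread; the /24 masks on the switch's connected subnets and the 192.168.30.0/24 remote-site subnet are assumptions made for illustration.

```python
import ipaddress

# The two static routes typed in the thread, plus the switch's directly
# connected VLAN subnets. The /24 masks on the connected subnets are an
# assumption; the thread only gives the interface addresses.
ROUTES = [
    ("192.168.10.0/24", "connected"),
    ("192.168.20.0/24", "connected"),
    ("192.168.0.0/24", "192.168.20.1"),  # asker's "data" route
    ("0.0.0.0/0", "192.168.20.2"),       # asker's default route to the TMG
]

def next_hop(dest, routes=ROUTES):
    """Return (prefix, next_hop) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return str(best[0]), best[1]

def leaks_to_proxy(internal_subnets, routes=ROUTES, proxy="192.168.20.2"):
    """List internal subnets whose traffic would fall through to the proxy."""
    leaked = []
    for subnet in internal_subnets:
        net = ipaddress.ip_network(subnet)
        # Probe both ends: a route may cover only part of a subnet.
        for probe in (net.network_address, net.broadcast_address):
            if next_hop(str(probe), routes)[1] == proxy:
                leaked.append(subnet)
                break
    return leaked

if __name__ == "__main__":
    # Constructed destinations: 192.168.30.0/24 stands in for a remote VPN
    # site, 203.0.113.10 for an Internet host.
    for dest in ("192.168.0.25", "192.168.20.50", "192.168.30.10", "203.0.113.10"):
        print(dest, "->", next_hop(dest))
    print("fall through to TMG:",
          leaks_to_proxy(["192.168.0.0/24", "192.168.30.0/24"]))
```

Running the same check against the real list of internal and VPN subnets shows which ones still need a static route before the default route is moved to the proxy.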
ASKER
Resolved the issue myself.
Could you share with us how you resolved it? That way others that need to do the same thing may benefit from your solution.
and point that to the TMG.