Jonathan Joye


Network routing issue.

Hello all,
Thank you for taking the time to look at this question.

I have just inherited a network that looks to have more than a few band-aids on it. As I try to wrap my mind around it I get a little cross-eyed, and I think that's because more than a few hands from different agencies (who did not communicate) put it together. I have the ability to make some limited changes, but management is keen to keep/incorporate a few features that I am running into an issue with.


The problem comes down to the 'Untangle' security appliance. Without it in place everything is working fine. When I have it in place I lose connection between the 10.1.28.x and 192.168.1.x networks.


In the included network diagram:

- The Main office, Top Box - 10.1.28.x network. The edge router is an ASA 5505. The internal network looks to this device as the gateway and, as I understand it, all traffic destined for another network hits that edge router first. This ASA includes a few route / bypass statements to redirect all traffic to and from the 192 network, which works fine without the introduction of the Untangle security appliance.

- Management likes the features of the Untangle and insists I keep it.

- When I introduce the Untangle it looks as if it lets the traffic destined for the 192 network thru to the ASA but does not allow it back thru to the ISP managed equipment. I've worked with UNTANGLE to redirect/ignore or allow all the 192 traffic to pass but they were unable to assist me.

- The current suggestion from my peers is to insert a managed switch before the Untangle that routes all 192. traffic before it gets to the Untangle or ASA.

* Is that the best course of action or is there another solution?  
* If it is the best course of action, is there a recommendation on the type of managed switch I should use?

- I was wondering if there was a way to set up a connection between the ASA and the ISP managed equipment with a direct line, perhaps as another VPN. This occurs to me as the Untangle has no issues with the traffic from the remote office thru the VPN on the 10.1.27.x network.

Thank you in advance.  
I apologize in advance if any of my vernacular is off.

 

Network-Diagram-2.pdf
CISCO---redacted.txt
masnrock

Let's ask this, since management seems to be so keen on keeping Untangle: What changed to cause things to stop working in the first place? Also, what exactly are you utilizing Untangle for?
Jonathan Joye

ASKER

The Untangle is new; it's replacing a set of web and spam Barracudas. As it is, they like it and want it to stay. So my job is to now integrate it.
- Management prefers the interface and reporting of the Untangle device.
- It is being used to monitor traffic inside and outside the network.
ASKER CERTIFIED SOLUTION
masnrock

This solution is only available to members.
Thank you for your answer
Thank you for your time.  I will get with Cisco to determine the switch model I need.