HTTP access and MPLS

JohnWeck16314
Level 1

Hello, 

 

I currently have a PTP going from my satellite office to my main office. All traffic goes through this connection. I have a new connection coming in, on which I would like to route internet traffic out separately. Currently, traffic all goes out a layer 3 switch. Could I send traffic to this new circuit as well so that just 80, 443 go out for HTTP traffic and the rest goes to MPLS, or will I need a firewall for this? Trying to split the two lines of traffic so there is more room for MPLS.

8 Replies

Giuseppe Larosa
Hall of Fame

Hello @JohnWeck16314 ,

splitting traffic using PBR (policy based routing) is possible on a switch with the appropriate license and SDM template.

However, access to the internet requires NAT, so you will need a router.

 

Hope to help

Giuseppe

 

At this time I only have a firewall. What would my options be for this?

Hello,

 

what is the brand/model of the firewall? Are both connections coming in through this same firewall?

Hello, 

 

The firewall we have on hand is a SonicWall. We still want to route MPLS traffic back to the main office (using the PTP), but use the other circuit for 80, 443. Appreciate the comments.

Hello @JohnWeck16314 ,

as noted also by BB, the switch can use PBR to send traffic with destination TCP port 80 or 443 to the firewall "inside" interface; the firewall will do NAT and will use the new internet handoff connected to its "outside" or WAN interface.

Look for PAT; it is the correct tool for your FW.

 

At a high level you should be able to achieve what you want.

 

The firewall will need static routes for the internal subnets with next-hop the switch.

 

Hope to help

Giuseppe
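For readers wanting to see what the PBR half of this design looks like, the following Cisco IOS configuration is an added example written for this thread, not something posted by any participant. It assumes a user VLAN 10 (10.10.10.0/24), a transit VLAN 99 to the firewall's "inside" interface at 10.10.99.2, and that the routing table's default path is the PTP/MPLS link to the main office; only the firewall side (PAT and static routes back to the switch, as described above) is left to the SonicWall.

```ios
! Added example (not from the thread). Assumed values: VLAN 10 = user subnet
! 10.10.10.0/24, firewall "inside" = 10.10.99.2 on VLAN 99. MPLS/PTP is the
! default route and is NOT touched by this policy.
!
! On some Catalyst platforms PBR needs a routing-capable SDM template
! ("sdm prefer routing") and a reload before "ip policy" is accepted.
!
ip access-list extended WEB-TO-INTERNET
 remark Exclude private destinations first: web traffic to servers at the
 remark main office must keep following the routing table toward the PTP/MPLS
 remark link, not be steered to the firewall.
 deny   tcp 10.10.10.0 0.0.0.255 10.0.0.0 0.255.255.255 eq 80
 deny   tcp 10.10.10.0 0.0.0.255 10.0.0.0 0.255.255.255 eq 443
 deny   tcp 10.10.10.0 0.0.0.255 172.16.0.0 0.15.255.255 eq 80
 deny   tcp 10.10.10.0 0.0.0.255 172.16.0.0 0.15.255.255 eq 443
 deny   tcp 10.10.10.0 0.0.0.255 192.168.0.0 0.0.255.255 eq 80
 deny   tcp 10.10.10.0 0.0.0.255 192.168.0.0 0.0.255.255 eq 443
 remark Everything else on TCP 80/443 from the user subnet is internet-bound.
 permit tcp 10.10.10.0 0.0.0.255 any eq 80
 permit tcp 10.10.10.0 0.0.0.255 any eq 443
!
! Matched packets get the firewall inside interface as next hop; unmatched
! packets (implicit "permit 20" with no set) use the normal routing table.
route-map SPLIT-WEB permit 10
 match ip address WEB-TO-INTERNET
 set ip next-hop 10.10.99.2
route-map SPLIT-WEB permit 20
!
interface Vlan99
 description Transit to firewall inside
 ip address 10.10.99.1 255.255.255.0
!
interface Vlan10
 description User subnet - PBR applied to inbound traffic
 ip address 10.10.10.1 255.255.255.0
 ip policy route-map SPLIT-WEB
!
! Default route stays on the PTP/MPLS path (assumed next hop 10.10.1.2).
ip route 0.0.0.0 0.0.0.0 10.10.1.2
```

Verify steering with "show route-map SPLIT-WEB" (policy-routing match counters) and "show ip policy"; the firewall must have a static route for 10.10.10.0/24 via 10.10.99.1 or the return traffic from its PAT session has no path back to the users.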

 

Hello,

 

the SonicWall supports policy based routing.

 

Provide a diagram of your topology so we can see how your devices are connected (e.g. is the SonicWall the edge device for BOTH connections)?

If we had a better understanding of the topology of the current network and of the plans for MPLS we could give better advice. In the original post we are told that "Currently, traffic all goes out a layer 3 switch." and later we are told "At this time I only have a firewall." So currently the traffic exits the remote office from the firewall and not the L3 switch? Where will the MPLS connection be? On the L3 switch or on the firewall? It is not clear whether the processing to split the traffic would be on the L3 switch or on the firewall. If on the L3 switch then depending on the switch model and licensing (and perhaps version of code) it should be possible to use PBR, as suggested in previous posts. If processing is on the firewall then we need to know more about the capabilities of the firewall.

 

HTH

Rick

balaji.bandi
Hall of Fame

with the PBR you can do traffic steering.

BB
