09-20-2016 07:23 AM - edited 03-05-2019 07:06 AM
Hi,
One of our locations has connectivity at the Dubai end as below:
Internet Leased Line 1:1 8 Mbps -------> internet cisco router-->cisco ASA--->cisco L3 Switch----> users
Internet Broad Band shared 1:8 Link 100 Mbps------->internet Broad Band router-->cisco L3 Switch----> Microsoft Proxy Server
We have configured a site-to-site VPN on the ASA from this site to the HO India location. Dubai end users are accessing the internet through the proxy server via another internet broadband link. This internet broadband is in VLAN 2, and the ASA and all users are in VLAN 1. Presently users are accessing the internet and it is working fine. The network diagram is attached.
Recently we migrated the email system from in-house to the O365 cloud. Now I am observing that internet browsing is getting slow and emails are also getting a slow response. We observed that the internet broadband link is fully over-utilized. We cannot upgrade the bandwidth of the broadband link as this is a limitation at the ISP end.
Can we do it like this:
1. When a user accesses O365 mail, the traffic will go via proxy ---->ASA ---> via internet link 8 Mbps.
2. When a user accesses the internet, the traffic will go via proxy ---->ASA ---> internet broadband router ----> internet broadband shared link 100 Mbps.
So the email load will shift to the 8 Mbps link and the rest of the internet load will go via the broadband link, as users were accessing it earlier.
Is it feasible? If yes, please guide us on how to do it.
09-20-2016 01:09 PM
Hello,
You will need to apply policy-based routing that matches POP3 and SMTP traffic, which would look like this:
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq pop3
Then create a route map:
route-map INTERNET
match ip address 101
set ip next-hop x.x.x.x
where x.x.x.x is the IP address of the interface connecting to your Internet broadband router.
Then apply the policy map to the relevant interface:
interface vlan X
ip policy route-map INTERNET
Unfortunately I cannot open your attachment. If possible, can you convert it to a GIF?
09-26-2016 06:47 AM
Hi,
On the L3 switch there are two VLANs:
vlan 1-----10.120.1.0/24
vlan 2--- 192.168.20.0/24
The ASA is connected to VLAN 1, the users' gateway is the L3 switch, and the default route on the L3 switch points towards the ASA. The site-to-site VPN is connected on the ASA. The network diagram is attached.
The proxy is in VLAN 2 and its gateway is the broadband router.
If users access the internet or O365 mail, the traffic goes via proxy--> internet broadband---> internet.
Now I want to do it like this:
If a user accesses the internet (Yahoo, Google etc.), the traffic goes via the internet broadband.
If users access O365 mail, the traffic will go via L3 switch--> ASA---> internet 8 Mb link.
To achieve this, as per my understanding, my approach is like this:
1. The proxy should be moved to VLAN 1, with NAT on the ASA using a new public IP address.
2. When a user accesses the internet, the traffic goes to proxy--> L3 switch--->ASA, and on the ASA some route-map mechanism diverts the traffic towards the broadband router.
3. When users access O365 mail, the traffic should go to proxy-->L3 switch--->ASA ----internet. It will work.
We are facing challenges on the 2nd point. Please help us.
If my approach is wrong, then please tell us the right way.
09-27-2016 09:09 AM
What you would have to do is specify the IP range of your ESP as the destination in the ACL, rather than the protocols, with HTTPS as the protocol, if you just wanted secure web traffic routed via the connection.
I doubt that is the cause of the issue; that's more likely due to the e-mails themselves (especially outgoing if you have DSL). The solution for this has been detailed.
Martin
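The last reply's suggestion (match the provider's destination IP ranges on HTTPS instead of matching mail protocols), as an added example that is not part of the original thread: a small generator that turns a prefix list into the ACL and route-map layout used earlier in the thread. The sample prefixes are constructed documentation ranges, not real provider ranges; `x.x.x.x` and `vlan X` are the thread's own placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample prefixes (RFC 5737 documentation ranges), not real
# provider ranges; replace with the ranges your mail provider publishes.
SAMPLE_PREFIXES = ["192.0.2.0/24", "198.51.100.64/26", "203.0.113.10/32"]


def acl_lines(prefixes, acl_id=101, port=443):
    """Build IOS extended-ACL lines matching TCP/`port` to each IPv4 prefix."""
    # strict=True rejects entries with host bits set (e.g. 192.0.2.1/24),
    # which usually indicates a typo in the prefix list.
    nets = [ipaddress.IPv4Network(p, strict=True) for p in prefixes]
    lines = []
    # collapse_addresses merges adjacent/overlapping prefixes and sorts them.
    for net in ipaddress.collapse_addresses(nets):
        if net.prefixlen == 32:
            dest = f"host {net.network_address}"
        else:
            # IOS ACLs use a wildcard (inverse) mask, i.e. the host mask.
            dest = f"{net.network_address} {net.hostmask}"
        lines.append(f"access-list {acl_id} permit tcp any {dest} eq {port}")
    return lines


def pbr_config(prefixes, next_hop="x.x.x.x", vlan="X",
               route_map="INTERNET", acl_id=101):
    """Return the full policy-routing snippet in the layout used in the thread."""
    return "\n".join(
        acl_lines(prefixes, acl_id)
        + [
            f"route-map {route_map}",
            f" match ip address {acl_id}",
            f" set ip next-hop {next_hop}",
            f"interface vlan {vlan}",
            f" ip policy route-map {route_map}",
        ]
    )


if __name__ == "__main__":
    print(pbr_config(SAMPLE_PREFIXES))
```

Because the ACL matches only TCP/443 to the listed destinations, any range missing from the list keeps following the default route, so the list needs refreshing whenever the provider changes its published ranges.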