Routing to control the traffic from ipfire linux server

zakariasaad · ‎06-12-2017

Hi,

Traffic shaping P2Pis the subject here.

With an ASA 5506 I'm unable to perform traffic shaping, not being able to block P2P connections. I setup an ipfire server which have these features tested and works perfect.

The routing is a bit of a challenge and please excuse my technical networking skills.

ASA 5506:

external ASA IP 5.5.5.5

internal ASA IP 10.167.0.1

external ipfire IP 10.167.0.4

internal ipfire IP 10.167.0.5

VLAN 4 10.167.3.x (Trusted Wireless)

VLAN 5 10.167.4.x (Guest Wireless)

There are other VPN site-to-site configured etc..

I would like to force the traffic routing through 10.167.0.5 so I can control the traffic Any ideas?

Cheers,

Zak

Georg Pauwen · ‎06-12-2017

Hello Zak,

what is your physical setup ? The 'route inside' command lets you add static routes, but I am not sure that is the best solution in your case.

zakariasaad · ‎06-13-2017

Hi Georg,

Physical setup ASA.

port 1 to the internet

Port 2 LAN default VLAN ->> Cisco Switch

Port 3 VLAN 4,5 --> Cisco Switch mapped VLAN ports

ipfire Linux server --> VM connected to default VLAN

My thought is do perform the routing at the ASA level while the static route as follows

Interface Outside | IP address - 0.0.0.0 | Netmask - 0.0.0.0 | Gateway IP - 5.5.5.5

I think I might have to delete this static route and create customised ones not sure!

There are NAT rules to allow VLAN to communicate with the LAN and they can see each other fine. ie if I set the proxy IP 10.167.0.5 on the client computer they access the internet using this proxy address even though they are on the VLAN sub.

Any thoughts?

Cheers,

Z