06-12-2017 10:25 AM - edited 03-05-2019 08:41 AM
Hi,
Traffic shaping P2P is the subject here.
With an ASA 5506 I'm unable to perform traffic shaping, not being able to block P2P connections. I set up an ipfire server which has these features tested and works perfectly.
The routing is a bit of a challenge and please excuse my technical networking skills.
ASA 5506:
external ASA IP 5.5.5.5
internal ASA IP 10.167.0.1
external ipfire IP 10.167.0.4
internal ipfire IP 10.167.0.5
VLAN 4 10.167.3.x (Trusted Wireless)
VLAN 5 10.167.4.x (Guest Wireless)
There are other VPN site-to-site configured etc.
I would like to force the traffic routing through 10.167.0.5 so I can control the traffic. Any ideas?
Cheers,
Zak
06-12-2017 01:12 PM
Hello Zak,
What is your physical setup? The 'route inside' command lets you add static routes, but I am not sure that is the best solution in your case.
06-13-2017 01:37 AM
Hi Georg,
Physical setup ASA:
Port 1 to the internet
Port 2 LAN default VLAN --> Cisco Switch
Port 3 VLAN 4,5 --> Cisco Switch mapped VLAN ports
ipfire Linux server --> VM connected to default VLAN
My thought is to perform the routing at the ASA level while the static route is as follows:
Interface Outside | IP address - 0.0.0.0 | Netmask - 0.0.0.0 | Gateway IP - 5.5.5.5
I think I might have to delete this static route and create customised ones, not sure!
There are NAT rules to allow VLAN to communicate with the LAN and they can see each other fine, i.e. if I set the proxy IP 10.167.0.5 on the client computer they access the internet using this proxy address even though they are on the VLAN sub.
Any thoughts?
Cheers,
Z