Re: Separate Internet and LAN Network Traffic

keyyo0200 · ‎04-01-2008

I have a couple of branch offices that currently routes all traffic to the corporate office. Is there a way to separate Internet traffic from LAN traffic that come from the branch office to the corporate office?

In one branch office we have added a second T1 for Internet traffic and the other we have added a DSL line. The branch office with the T1 we have a web filter connected to a PIX515E which is connecting to the T1. I would like to direct Internet traffic thru the web filter to the PIX out to the new T1 line.

The other branch office we DSL modem connected to the router and I would like to send Internet traffic to the DSL modem without distrusting LAN traffic to the corporate office.

Any assistance would be helpful.

evsrajatgupta · ‎04-01-2008

Hi keyyo0200,

You can use Policy base routing in this case.

With the help Policy base routing you can set different next hop for different traffic base on the destination or source of the traffic.

Please rate.

keyyo0200 · ‎04-01-2008

Could you direct me to some documentation

Rick Morris · ‎04-01-2008

Here is a link for the PBR.

http://www.cisco.com/warp/public/732/Tech/plicy_wp.htm

This really is your best option for what you want to do.

Here is a link with config examples

http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr_ps1835_TSD_Products_Configuration_Guide_Chapter.html

sanjay.khurana · ‎04-01-2008

Hi,

Could you pls make one network diagram and send me with ip schem details then i can help to achive ur object.

my email address : khuranasanjay@gmail.com

keyyo0200 · ‎04-01-2008

I sent you a Visio diagram and I also have attached it in the posting. IP address have been changed.

Thanks

Rick Morris · ‎04-01-2008

Based on what you sent it appears like you could use routing statements.

ip route 0.0.0.0 0.0.0.0

then add specific routes as you have listed to the specified network of the destination/nexthop.

for example.

Traffic from 172.16.64.0

ip route 150.225.155.0 255.255.255.0 150.225.155.213

This will take any traffic destined for this network and force it out to the 150.225.155.213 as the next hop.

the all zero's route will send everything else out to the internet.

keyyo0200 · ‎04-01-2008

I would like to divert the Internet traffic to the webfilter and thru the PIX to the internet.

LAN traffic to corporate offic example:

ip route 172.16.64.0 255.255.192.0 150.225.155.213

Internet traffic example:

ip route 0.0.0.0 0.0.0.0 192.168.64.9

Is this want you are talking about.

Rick Morris · ‎04-01-2008

yes.

Basically whatever your default routes point to that eventually get to the internet is where you want the all zero's route.

Allother traffic will be pointed directly out to the other route.

keyyo0200 · ‎04-01-2008

Thanks I will try this.

Rick Morris · ‎04-02-2008

I see that there was a rating given to someone that said to do the same thing I provided but not sure if it resolved your matter or not.

Please confirm if your issue is resolved or if you have questions still.

Thanks,

Rick

sanjay.khurana · ‎04-01-2008

Hi Bryan,

as per your network diagram, u can do one thing in your router just define default route toward Barracuda Web Filter & Barracuda Web Filter must have a Default G/W toward Pix.

like this

PC->Default G/w - Router Default G/W -Barracuda Web Filter Default G/w - Pix Default G/w - Internet.