cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1749
Views
0
Helpful
2
Replies

Traffic flow in Network

mahesh18
Level 6
Level 6

Traffic Flow question from PC  to Outisde World

Hi Everyone,

Need to know traffic flow in network environment where we have ironport device,ASA  and Waas.

Ironport is used to block certain websites.

If user PC  access a website how will traffic flow from user PC  to the Outisde?

Need to know if ironport will check  website first ? will it then it ASA  or will it hit WAAS  first?

Need to know the order in which traffic will hit network devices  ironport ,ASA and WAAS

Thanks

Mahesh

2 Accepted Solutions

Accepted Solutions

JohnTylerPearce
Level 7
Level 7

You would need to either give us a diagram of your network or describe how the path from inside to outside works.

Generally, if PC1 goes to www.google.com, it will go to it's default gateway first, from there (in your scenario), it will most likely go to the ironport, and then I bet the ironport has a route to go to the ASA, and to Outside. I don't have any experience with Waas to be honest with you. Just so you know, the ASA can also do Web Filtering. Of course there is a cost involved depending on if you got the right module with it and licensing it may by cheaper jus to keep the ironport which I completely understand.

View solution in original post

It's possible your ASA or your core switch (if Cisco) is configured with Cisco's WCCP. This enables transparent redirection of HTTP traffic to an IronPort appliance, so no client config needed:

http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/wccp.html

View solution in original post

2 Replies 2

JohnTylerPearce
Level 7
Level 7

You would need to either give us a diagram of your network or describe how the path from inside to outside works.

Generally, if PC1 goes to www.google.com, it will go to it's default gateway first, from there (in your scenario), it will most likely go to the ironport, and then I bet the ironport has a route to go to the ASA, and to Outside. I don't have any experience with Waas to be honest with you. Just so you know, the ASA can also do Web Filtering. Of course there is a cost involved depending on if you got the right module with it and licensing it may by cheaper jus to keep the ironport which I completely understand.

It's possible your ASA or your core switch (if Cisco) is configured with Cisco's WCCP. This enables transparent redirection of HTTP traffic to an IronPort appliance, so no client config needed:

http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/wccp.html

Review Cisco Networking for a $25 gift card