I need to subnet my network 10.0.0.0/20 into 32 subnets. It's easy.
But also I need to do a strange trick.
All traffic from subnets 10.0.0.0/25, 10.0.0.128/25 and so on must be forwarded to the MS ISA server if it's destined to a network other than 10.0.0.0/20.
For example, subnet 10.0.0.0/25 has a default gateway 10.0.0.1 propagated from the DHCP server via ip helper-address;
the same goes for subnet 10.0.0.128/25, but with a default gateway of 10.0.0.129.
And the trick I must do is: forward to the MS ISA server all traffic from subnets 10.0.0.0/25, 10.0.0.128/25 and so on, if it's destined to a network other than 10.0.0.0/20.
I know that I can do this trick with PBR on a Cisco Catalyst. Something like
ip access-list extended TO-ISA
 ! destinations inside 10.0.0.0/20 (wildcard 0.0.15.255) keep normal routing
 deny   ip any 10.0.0.0 0.0.15.255
 ! everything leaving 10.0.0.0/20 is policy-routed to the ISA server
 permit ip any any
route-map pbr permit 10
 ! match the named ACL defined above
 match ip address TO-ISA
 set ip next-hop IP-OF-ISA-SRV
! then on every client VLAN interface (Vlan<N> is a placeholder):
interface Vlan<N>
 ip policy route-map pbr
and then apply the PBR to each VLAN.
But I think that under a heavy network load this configuration would work extremely slowly :-(
So how can I do this trick without PBR?
Or maybe it would not work that slowly?
Maybe the Microsoft Firewall Client can create something like a tunnel to forward packets directly from the PC via the default gateway to the MS ISA server?
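The PBR decision described in the post, modelled in Python as an added example (not code from the post or from Cisco); the ISA address is a constructed placeholder, and the model also shows how the ACL's wildcard mask decides whether traffic staying inside the /20 is wrongly sent to the proxy.

```python
import ipaddress

# Added example, not from the original post. It models the IOS ACL lookup the
# route-map performs and the /25 subnetting of the 10.0.0.0/20 site.
SITE = ipaddress.ip_network("10.0.0.0/20")
ISA_NEXT_HOP = "10.0.15.254"          # constructed placeholder for IP-OF-ISA-SRV
ANY = ipaddress.ip_network("0.0.0.0/0")

def client_subnets(site=SITE, new_prefix=25):
    """The 32 client /25s with the first-host gateway each DHCP scope hands out."""
    return [(str(s), str(s.network_address + 1))
            for s in site.subnets(new_prefix=new_prefix)]

def wildcard_to_network(addr, wildcard):
    """IOS address/wildcard pair -> ip_network (wildcard 1-bits are 'don't care')."""
    return ipaddress.ip_network((addr, wildcard), strict=False)

def pbr_next_hop(dst, acl, isa=ISA_NEXT_HOP):
    """Top-down ACL walk with IOS semantics (implicit deny at the end).
    permit          -> route-map sets the next hop to the ISA server
    deny / no match -> packet follows the normal routing table"""
    d = ipaddress.ip_address(dst)
    for action, net in acl:
        if d in net:
            return isa if action == "permit" else "normal-routing"
    return "normal-routing"

# The ACL as posted: wildcard 0.0.0.7 only exempts 10.0.0.0/29, not the /20.
POSTED_ACL = [("deny", wildcard_to_network("10.0.0.0", "0.0.0.7")),
              ("permit", ANY)]
# Corrected: wildcard 0.0.15.255 exempts every destination inside 10.0.0.0/20.
FIXED_ACL = [("deny", wildcard_to_network("10.0.0.0", "0.0.15.255")),
             ("permit", ANY)]

def compare(dst):
    """Decision under the posted ACL vs. the corrected one for one destination."""
    return pbr_next_hop(dst, POSTED_ACL), pbr_next_hop(dst, FIXED_ACL)

if __name__ == "__main__":
    for net, gw in client_subnets()[:3]:
        print(f"{net:16} gateway {gw}")
    for dst in ("10.0.0.5", "10.0.8.17", "8.8.8.8"):
        posted, fixed = compare(dst)
        print(f"{dst:10} posted ACL -> {posted:15} fixed ACL -> {fixed}")
```

With the posted wildcard, a host in 10.0.0.0/25 talking to 10.0.8.17 (still inside the site) would be sent to the ISA server; the corrected mask leaves that traffic on normal routing.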