Redirecting HTTP to a different ISP to save bandwidth

Unanswered Question
Sep 4th, 2009

I am looking into methods of redirecting HTTP traffic and other high bandwidth protocols for users that are browsing the web to another ISP (Comcast Business) that has a much higher bandwidth than our existing tier 1 business ISP. Our configuration looks like the following:

Core <--> ASA 5510 <--> Switch <--> Packeteer <--> 3845

I am thinking about moving our Comcast business connection to the dirty DMZ switch in between the ASA and the Packeteer. Is there an easy way to take HTTP traffic leaving the ASA or hitting the perimeter and send that to the Comcast ISP?

I was thinking that I could put a new router in between the dirty DMZ switch and the Comcast ISP, and then use WCCP at the ASA to send it on to the new router.

Is there a less expensive way to achieve this? Any input would be greatly appreciated.

yagnesh_tel Fri, 09/04/2009 - 06:35

Hi Matthew,

I am not able to understand your topology completely, but I interpret that both your ISP connections are connected to the 3845 router.

So how about matching HTTP and other high-bandwidth traffic and sending it out a particular ISP interface using policy-based routing?

For example on your 3845 router:

access-list 110 permit tcp any any eq 443
access-list 110 permit tcp any any eq 80
!
! interface-level command: apply it on the interface facing the inside network
ip policy route-map HTTP_REDIRECT
!
route-map HTTP_REDIRECT permit 10
 match ip address 110
 set interface

mlinsemier Fri, 09/04/2009 - 06:46

So basically, I would connect the Comcast cable modem to a secondary interface on the 3845 (say gigabit ethernet0/1), set it for DHCP so it gets a public IP address, then implement the PBR off of that interface, and everything should be good to go? I haven't done a whole lot of PBR.


yagnesh_tel Fri, 09/04/2009 - 07:19

Yes, partly correct. You need to apply the policy route-map on the interface connected to your inside network, i.e. to the Packeteer. So basically packets will be matched as they enter the inside interface using the defined ACL, and matched packets will be sent directly to the interface specified with the 'set interface' command without consulting the routing table. For all other (unmatched) traffic, the router will consult the routing table as usual.

Refer to this for more information on PBR:


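The forwarding decision described in the last reply, modelled in Python as an added example (not code from the thread or from Cisco): a packet is policy-routed only if it arrives on the interface carrying the route-map and ACL 110 permits it; everything else falls through to a longest-prefix lookup. The interface names and the routing table are assumptions constructed for illustration.

```python
import ipaddress

# ACL 110 from the thread: permit tcp any any eq 443 / eq 80
ACL_110_TCP_PORTS = {80, 443}

# Assumed names (not from the thread): inside interface toward the
# Packeteer, the Comcast-facing interface, and the existing ISP uplink.
INSIDE_IF = "Gi0/0"
COMCAST_IF = "Gi0/1"
TIER1_IF = "Se0/0/0"

# Constructed routing table: default route via the existing ISP,
# plus the inside network.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), TIER1_IF),
    (ipaddress.ip_network("10.0.0.0/8"), INSIDE_IF),
]

# Interfaces configured with "ip policy route-map HTTP_REDIRECT".
POLICY_INTERFACES = {INSIDE_IF}


def acl_110_permits(proto, dst_port):
    """ACL 110 matches on protocol and destination port only (any/any)."""
    return proto == "tcp" and dst_port in ACL_110_TCP_PORTS


def routing_table_lookup(dst_ip):
    """Longest-prefix match, used for every packet that is not policy-routed."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [(net, ifc) for net, ifc in ROUTES if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def egress_interface(in_if, proto, dst_ip, dst_port):
    """Return the interface a transit packet leaves on."""
    # PBR is evaluated only on the ingress interface that carries the policy.
    if in_if in POLICY_INTERFACES and acl_110_permits(proto, dst_port):
        return COMCAST_IF  # "set interface": routing table is not consulted
    return routing_table_lookup(dst_ip)
```

Because ACL 110 is written as `any any`, the model also sends port 80/443 traffic that enters the inside interface toward a 10.0.0.0/8 destination out the Comcast interface; narrowing the ACL's destination avoids that.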