11-08-2011 11:07 PM - edited 03-04-2019 02:12 PM
Hello genius minds.
I have a network of about 50 sites connected via MPLS. We have a default route in the network for Internet access. The company has decided to remove this default route and use a proxy for Internet access for security purposes.
Now, before we remove that, we would like to see what application or who (source IP) is using this default route, so that we can try to see dependencies. How can I achieve this?
Any ideas?
Thanks in advance
11-08-2011 11:35 PM
Hi Amit,
Your MPLS provider has given you a default route, so that you send any traffic from your CE to the PE (either Internet traffic or intranet traffic).
So whatever traffic originates in your sites will need that default route to get out of that particular site and go where it has to go. It is the PE which will decide where and how to send that traffic.
HTH,
Smitesh
11-09-2011 12:01 AM
Hi,
I suppose you are receiving not only the default route from your provider but also routes for your sites?
So it might be possible to configure some ACLs on your CE routers logging packets sent to other destinations than your company IP range.
But the easiest way would be logging the traffic sent to the Internet.
I suppose you are using some FW on your Internet connection?
So why don't you start logging the traffic sent to the Internet and observe the source addresses in your FW log?
HTH,
Milan
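Added example, not part of any post in this thread: one way to carry out the log review suggested above, listing the sources whose destinations fall outside the company prefixes and therefore depend on the default route. The CSV column layout, the prefixes and the sample records are constructed assumptions, not the output format of any particular firewall.

```python
import csv
import ipaddress
from collections import defaultdict

# Assumption: prefixes with specific routes in the MPLS VPN (constructed values).
COMPANY_PREFIXES = ["10.0.0.0/8", "192.168.0.0/16"]

# Constructed sample export: src,dst,proto,dport,bytes (hypothetical column layout).
SAMPLE_LOG = """\
10.12.4.20,10.1.1.5,tcp,445,88213
10.12.4.20,203.0.113.10,tcp,443,51200
10.30.7.8,198.51.100.25,udp,123,152
10.30.7.8,198.51.100.25,udp,123,152
10.44.2.9,203.0.113.80,tcp,25,9000
garbage line without enough fields
10.44.2.9,not-an-ip,tcp,80,10
"""

def default_route_users(log_text, company_prefixes=COMPANY_PREFIXES):
    """Group flows whose destination matches no company prefix (default route only)."""
    nets = [ipaddress.ip_network(p) for p in company_prefixes]
    usage = defaultdict(lambda: {"flows": 0, "bytes": 0, "dsts": set()})
    skipped = 0
    for row in csv.reader(log_text.splitlines()):
        try:
            src, dst, proto, dport, nbytes = (f.strip() for f in row)
            dst_ip = ipaddress.ip_address(dst)
            dport, nbytes = int(dport), int(nbytes)
        except ValueError:
            skipped += 1          # malformed record: count it, do not guess
            continue
        if any(dst_ip in n for n in nets):
            continue              # destination is covered by a specific route
        entry = usage[(src, proto, dport)]
        entry["flows"] += 1
        entry["bytes"] += nbytes
        entry["dsts"].add(dst)
    return dict(usage), skipped

def report(usage):
    """Rows of (key, flows, bytes, destinations), largest byte count first."""
    return sorted(((k, v["flows"], v["bytes"], sorted(v["dsts"]))
                   for k, v in usage.items()), key=lambda r: -r[2])

if __name__ == "__main__":
    usage, skipped = default_route_users(SAMPLE_LOG)
    for (src, proto, dport), flows, nbytes, dsts in report(usage):
        print(f"{src:<12} {proto}/{dport:<5} flows={flows} bytes={nbytes} dsts={dsts}")
    print(f"skipped malformed records: {skipped}")
```

Grouping by source, protocol and destination port points at the application behind each dependency, which is what has to be moved to the proxy or given an explicit route before the default route is removed.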
11-09-2011 01:22 AM
Hi Amit,
If we have something like IP accounting with an access list, then you may see which sources accessed the Internet.
You can apply this feature on your central site's interface towards the provider. You can put in all networks other than those owned by your company (I mean Internet destinations).
If I am not wrong, NetFlow may also help you achieve what you want.
I have not implemented this, so you can search the Internet for such features.
Regards
Mahesh
11-09-2011 06:00 AM
Hi Amit,
It seems one of my customers has the same kind of setup as yours.
They have only an MPLS connection at each site and an Internet connection at their HQ. So what they did is route all required/known traffic to the rest of the sites and to HQ over MPLS, and point the default route (unknown/Internet traffic) to the HQ gateway, so that the other MPLS-connected sites can get Internet access through their HQ site.
Is that your setup?
Please rate the helpful posts.
Regards,
Naidu.