PIX 515, ADSL Router, Proxy Server - Default Gateway?
I have a proxy server on my internal 10.x network, and I want this machine to use an ADSL service as its default gateway. The ADSL service is on a Vigor ADSL router. However, I want any traffic between the proxy server and the ADSL service to go through the PIX.
Does anyone have any suggestions on how to achieve this? Should I NAT the ADSL router to a 10.x address and just set this address as the default gateway for the proxy server?
Sorry, I forgot to mention, the external interface of the PIX is connected to a leased line and this is the default gateway for the PIX. The proxy server is the only client I want to use the ADSL (connected to another interface on the PIX). If I set the default gateway to the PIX, then traffic would continue across the leased line (the objective is to move traffic from the proxy to the ADSL).
It's currently policy to put all external traffic through the PIX so there is one administrator and one device to configure all filters etc. If the proxy server is connected directly to the ADSL router, then the PIX is potentially bypassed and security is reliant on a £100 ADSL router.
Just to summarise, this would mean a PIX 515 with a default gateway of a leased line to the ISP (current config). We are proposing an ADSL line with a router connected to another interface on the PIX, for use only by the proxy server.
Yes, it is true, policy routing would be ideal, because I am trying to achieve exactly what you say. However, the leased line router is managed by our ISP and they are unwilling to implement this. At this time, it is not appropriate for us to replace this with our own router to allow this change. I don't think you can do policy routing on the PIX either, can you?
This is why I was coming from the viewpoint of giving the ADSL router a static NAT on the internal network and pointing the Proxy server at it, and restricting traffic to just the Proxy. I am having some trouble getting this working though and wondered if anyone else had any other suggestions.