I have a scenario as below. I have one Cisco 2811 router with two Ethernet ports (one WAN(A) and one LAN(B)) and one ADSL interface(C).
Behind the router there is a Cisco ASA 5500 firewall with three VLANs (Internal(D), External(E) and DMZ(F)).
I want all incoming traffic on certain ports arriving at the WAN(A) port to be directed to a server inside the DMZ(F), which will serve the responses through the WAN port(A) only. Also, any request for internet from the internal VLAN(D) should be going out through the ADSL line(C).
Is it possible to do such a configuration with the 2800 series router and ASA 5500 firewall? Is it possible someone can show me a sample configuration?
PBR on the 2811 would allow you to direct inbound traffic from the LAN(B) interface to either WAN(A) interface or ADSL interface(C) based on some criteria where it can distinguish outgoing traffic. However, if the firewall is doing some kind of NAT, you may not be able to easily distinguish outgoing traffic. (I'm not familiar with ASA capabilities, but one possible method to distinguish traffic might be to use a DSCP marking.)
"I want all incoming traffic on certain ports arriving at the WAN(A) port to be directed to a server inside the DMZ(F)".
The 2811 should be able to match against incoming ports and interface, but it might be somewhat difficult to direct to a particular server since routers usually direct to a "next hop". How this might be done will likely depend much on whether you might have "server" on a dedicated network or whether the ASA might use an inbound DSCP marking to make a decision.
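The PBR approach from the reply above, as an added IOS configuration example that is not part of the original thread. The interface names, addresses (documentation ranges), ACL and route-map names, and the DSCP value are assumptions; it also assumes the router can identify the DMZ server's return traffic either by its source address as seen on LAN(B) or by a DSCP mark applied upstream.

```cisco
! Constructed values, all assumed:
!   FastEthernet0/0 = WAN(A), upstream next hop 203.0.113.1
!   FastEthernet0/1 = LAN(B), facing the ASA
!   Dialer1         = ADSL(C)
!   192.0.2.10      = DMZ server address as the router sees it
!                     (real address, or a dedicated static NAT address on the ASA)
!
! Option 1: classify the server's return traffic by source address
ip access-list extended FROM-DMZ-SERVER
 permit ip host 192.0.2.10 any
!
! Option 2: classify by a DSCP value marked before the packet reaches the
! router (af21 is an arbitrary choice for this example)
ip access-list extended MARKED-FOR-WAN
 permit ip any any dscp af21
!
route-map LAN-PBR permit 10
 match ip address FROM-DMZ-SERVER MARKED-FOR-WAN
 set ip next-hop 203.0.113.1
!
! Packets that match no route-map entry are not policy routed and
! follow the routing table, so everything else leaves via ADSL(C).
ip route 0.0.0.0 0.0.0.0 Dialer1
!
interface FastEthernet0/1
 description LAN(B) toward ASA
 ip policy route-map LAN-PBR
!
! Verify after applying:
!   show ip policy
!   show route-map LAN-PBR     (match counters should increase for server replies)
```

If the ASA hides the DMZ server behind the same address as the internal VLAN, neither ACL can tell the flows apart and every packet will take the default route; a dedicated translated address for the server avoids that.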