Hi All...apologies in advance for this rather rambling question - I hope it's not too vague!
I am trying to set up a network environment with multiple internet connections that need to be accessed from a number of client computers (Windows 8) according to user activity.
We have an internal LAN, variously VLAN'd on 192.168.x.x/25, all running on stacked 3750 L3 switches.
We then have a VirginMedia MIA going out on 126.96.36.199, access via NAT on a Meraki MX90 security device. Users' general http browsing traffic should go out via this route along with guest wi-fi and general/informal ad hoc BYOD web browsing traffic.
There is also a connection (again Virgin but unsure as to IPs just at this stage) that will provide VPN access from some staff PCs out to their main offices/centres that they will need to access in order to update bookings, documents etc. These staff will belong to the main offices but will have a presence in our building. RADIUS is in place to provide AAA from their home base.
A third connection is on a 10.x.x.x network that provides connectivity to a remote web-based booking system (yes, a private IP address range but over a 'private' national network provided by BT). At present the clients that access the 'private' 10.x.x.x network are assigned static IPs and these route out directly onto the 'extended' private network. These clients do not currently connect to the 192.168.x.x network but run over a discrete network.
My challenge is to put all clients onto the internal LAN, assign them a 192.168.x.x IP from a Windows AD DHCP server but to provide access as required to the three different internet connections according to their needs so that, for example, a single client could, by choosing the URL of the web-based 'private' service (it is provided by desktop shortcut on each client machine) go out on the 10.x.x.x network or, if they go to any other URL/HTTP address for informal browsing, then go out on the Virgin MIA (via a VM 3400 router) OR, if they need to connect back to their 'home' office (mainly via Citrix) then they would go out via the Virgin VPN.
As you can probably tell I am not a Cisco or a networking engineer particularly but have inherited this project and have so far built it up from scratch using the config information on the Cisco website and some on-line and printed resources but have now hit a wall. I have tried to address the issue via VLANs with ACLs but can think of no way to provide access to all three internet gateways, from any client according to destination/requirement.
I've attached a VERY rudimentary diagram extrapolated from the full version to just show the essentials. If anyone has any ideas I would be insanely grateful!!
I have some ideas that I would like to share with you (please check your inbox here).
Now, I would say that, the way you are telling us the requirements, the way to go is via Policy Based Routing, where you can route based on the source and destination IP addresses while keeping 3 or more WAN/Internet connections :)
Julio Carvajal Senior Network Security and Core Specialist CCIE #42930, 2xCCNP, JNCIP-SEC
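A sketch of what Policy Based Routing could look like on the 3750 stack for the three egress paths in the question, as an added example that is not from either poster. Every address, VLAN number, ACL name and route-map name below is a constructed placeholder, since the thread does not give the real values.

```cisco
! Added example. All values are constructed placeholders:
!   Client VLAN 10 SVI:  192.168.10.1/25
!   Transit VLAN 254 next hops:
!     192.168.254.2 = Meraki MX90 inside (general browsing, default route)
!     192.168.254.3 = router facing the BT private 10.x.x.x network
!     192.168.254.4 = VPN gateway towards the staff home offices
!   Home-office (Citrix) range: 172.16.50.0/24
!
! On a Catalyst 3750, PBR needs the routing SDM template
! ("sdm prefer routing" followed by a reload).
ip routing
!
! Match on source (client VLAN) AND destination, so only the intended
! clients can reach each restricted path.
ip access-list extended TO-BOOKING
 permit ip 192.168.10.0 0.0.0.127 10.0.0.0 0.255.255.255
ip access-list extended TO-HOME-OFFICE
 permit ip 192.168.10.0 0.0.0.127 172.16.50.0 0.0.0.255
!
route-map CLIENT-EGRESS permit 10
 match ip address TO-BOOKING
 set ip next-hop 192.168.254.3
route-map CLIENT-EGRESS permit 20
 match ip address TO-HOME-OFFICE
 set ip next-hop 192.168.254.4
! No catch-all entry: traffic that matches neither ACL is forwarded
! by the normal routing table, i.e. the default route below.
!
ip route 0.0.0.0 0.0.0.0 192.168.254.2
!
! Apply the policy on the ingress SVI of the client VLAN only, so
! guest wi-fi and BYOD VLANs never get a path to the private networks.
interface Vlan10
 ip address 192.168.10.1 255.255.255.128
 ip policy route-map CLIENT-EGRESS
```

`show route-map CLIENT-EGRESS` and `show ip policy` confirm where the policy is applied and how it is matching. Because the guest and BYOD VLANs carry no policy and only a default route, an inbound ACL on their SVIs denying 10.0.0.0/8 and the home-office range keeps them off the private paths even if routes to those networks are added later.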