Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Multiple internet gateways from single client

Hi All...apologies in advance for this rather rambling question - I hope it's not too vague!

I am trying to setup a network environment with multiple internet connections that need to be accessed from a number of client computers (Windows 8) according to user activity.

We have an internal LAN, variously VLAN'd on 192.168.x.x/25 all running on stacked 3750 L3 switches

We then have a VirginMedia MIA going out on 194.168.228.193, access via NAT on a Meraki MX90 security device. Users' general http browsing traffic should go out via this route along with guest wi-fi and general/informal ad hoc BYOD web browsing traffic.
There is also a connection (again Virgin but unsure as to IPs just at this stage) that will provide VPN access from some staff PCs out to their main offices/centres that they will need to access in order to update bookings, documents etc. These staff will belong to the main offices but will have a presence in our building. RADIUS is in place to provide AAA from their home base.
A third connection is on a 10.x.x.x network that provides connectivity to a remote web-based booking system (yes, a private IP address range but over a 'private' national network provided by BT). At present the clients that access the 'private' 10.x.x.x network are assigned static IPs and these route out directly onto the 'extended' private network. These clients do not currently connect to the 192.168.x.x network but run over a discrete network.
My challenge is to put all clients onto the internal LAN, assign them a 192.168.x.x IP from a Windows AD DHCP server but to provide access as required to the three different internet connections according to their needs so that, for example, a single client could, by choosing the URL of the web-based 'private' service (it is provided by desktop shortcut on each client machine) go out on the 10.x.x.x network or, if they go to any other URL/HTTP address for informal browsing, then go out on the Virgin MIA (via a VM 3400 router) OR, if they need to connect back to their 'home' office (mainly via Citrix) then they would go out via the Virgin VPN.

As you can probably tell I am not a Cisco or a networking engineer particularly but have inherited this project and have so far built it up from scratch using the config information on the Cisco website and some on-line and printed resources but have now hit a wall.
I have tried to address the issue via VLANs with ACLs but can think of no way to provide access to all three internet gateways, from any client according to destination/requirement.

I've attached a VERY rudimentary diagram extrapolated from the full version to just show the essentials.
If anyone has any ideas I would be insanely grateful!!

 

Cheers,

Mark

1 ACCEPTED SOLUTION

Accepted Solutions

Hello, That's what I tough

Hello,

 

That's what I tough when I saw your post, PBR looks like the way to go :)

 

FYI if you are interested I can help on the design and implementation.

 

My Skype id is julio.17.cr and my email jcarvaja@laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
3 REPLIES

Hello Mark, I have some ideas

Hello Mark,

 

I have some ideas that would like to share with you (Please check your inbox here)

 

Now I would say the way you are telling us the requirements the way to go is via Police Based Routing where you can route based on the source and destination IP addresses while keeping 3 or more WAN/Internet connections :)

 

Regards

 

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Community Member

Thanks Julio,I have had a

Thanks Julio,

I have had a quick look at PBR following your suggestion and it does look like it could provide the answer I'm looking for although it is far above my skill/experience level! :-)

I will research further and post here. 

Thanks again,

Mark

Hello, That's what I tough

Hello,

 

That's what I tough when I saw your post, PBR looks like the way to go :)

 

FYI if you are interested I can help on the design and implementation.

 

My Skype id is julio.17.cr and my email jcarvaja@laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
74
Views
0
Helpful
3
Replies
CreatePlease to create content