Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1362
Views
0
Helpful
4
Replies

Strange requirement

ravindra Krishna
Level 1
Level 1

‎03-23-2012 01:58 PM - edited ‎03-04-2019 03:47 PM

Hi All,

Below is network of customer. The Fw is a mail filter solution which our customer recently got. Router A is not capable of doing much, it just forwards to the default gateway i.e to the eth1 of  router B. The router B is the cisco router. We want to send the traffic meant for port 25 to be sent to the FW and the firewall to send the traffic back to the Router B. The Router B then forwards the traffic to the internet.

The square block is managle l2 switch.  We need to prosose a solution

Please note:

1> Can not change any any thing in the existing design as its a 24*7 network. No downtime. So we can place the mail filter in the inline mode.

2>  changes can be only done on Router A

3>  We came to know that the FW can not handle the assymetric routing.

4>  if we add tag to the traffic will the third party firewall drop it?

Any assistance with network diagram will help us.

Regards,

Ravindra K

Hi Team vlantag.jpg

Labels:
0 Helpful
4 Replies 4

sean_evershed
Level 7
Level 7

‎03-23-2012 11:56 PM

Hi,

Have you tried configuring WCCP?

See below a configuration guide:

http://www.crypt.gen.nz/papers/cisco_squid_wccp.html

Don't forget to rate all posts that are helpful.

0 Helpful

ravindra Krishna
Level 1
Level 1
In response to sean_evershed

‎03-24-2012 03:05 AM

Hi Sean,

Does it support port 25. I was thinking if there was a way playing with Vlans and route maps.

Regards,

Ravidnra K

0 Helpful

sean_evershed
Level 7
Level 7
In response to ravindra Krishna

‎03-24-2012 03:52 AM

Hi,

The acl associated with wccp can be configured for any port you want.

0 Helpful

Vasileios Bouloukos MSc, ITIL, CCIE
Level 3
Level 3

‎03-24-2012 07:33 AM

Hi Sean,

I would recommend to configure Policy Based Routing to the Router A (does Router A support it? ) and to send the SMTP traffic to the FW as next hop. Then the FW will forward the traffic to the Router B.  So, you overcome the problem of the SMTP traffic goes to Router B -> FW - > Router B.

Then you have also to configure PBR to the Router B to forward the SMTP traffic to the FWL and  then the FWL to send this traffic to Router A. The FWL could be configured with a default route which will point as next hop router B and a static route with next hop router A for all the internal subnets.

The PBR occurs before routing so only SMTP traffic, defined by the appropriate ACL, will be routed to the FWL.

All the rest traffic will be routed directlry from A->B, B->A, without passing via the Mail Filter (FWL)

Hope that helps!

Vasilis

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card