Strange requirement

Hi All,

Below is the customer's network. The FW is a mail filter solution which our customer recently got. Router A is not capable of doing much, it just forwards to the default gateway, i.e. to the eth1 of router B. Router B is the Cisco router. We want the traffic meant for port 25 to be sent to the FW and the firewall to send the traffic back to Router B. Router B then forwards the traffic to the internet.

The square block is a managed L2 switch. We need to propose a solution.

Please note:

1> Cannot change anything in the existing design as it is a 24*7 network. No downtime. So we can place the mail filter in the inline mode.

2> Changes can only be done on Router A.

3> We came to know that the FW cannot handle asymmetric routing.

4> If we add a tag to the traffic, will the third party firewall drop it?

Any assistance with network diagram will help us.

Regards,

Ravindra K

[attachment: vlantag.jpg]

4 REPLIES

Strange requirement

Hi,

Have you tried configuring WCCP?

See below a configuration guide:

http://www.crypt.gen.nz/papers/cisco_squid_wccp.html

Don't forget to rate all posts that are helpful.


Strange requirement

Hi Sean,

Does it support port 25? I was thinking there might be a way of playing with VLANs and route maps.

Regards,

Ravindra K

Strange requirement

Hi,

The ACL associated with WCCP can be configured for any port you want.

Strange requirement

Hi Sean,

I would recommend configuring Policy Based Routing on Router A (does Router A support it?) to send the SMTP traffic to the FW as next hop. Then the FW will forward the traffic to Router B. This way you overcome the problem of the SMTP traffic going Router B -> FW -> Router B.

Then you also have to configure PBR on Router B to forward the SMTP traffic to the FWL, and then the FWL sends this traffic to Router A. The FWL could be configured with a default route pointing to Router B as next hop and a static route with next hop Router A for all the internal subnets.

PBR occurs before routing, so only SMTP traffic, defined by the appropriate ACL, will be routed to the FWL.

All the remaining traffic will be routed directly A->B and B->A, without passing via the Mail Filter (FWL).

Hope that helps!

Vasilis
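The PBR design Vasilis describes, written out as an added Cisco IOS example (not configuration from the thread or from the customer's routers). It assumes both routers run IOS with PBR support, that Router A, the FW and Router B eth1 all sit on the shared L2 segment 192.0.2.0/24 with Router A at .1, the FW at .2 and Router B eth1 at .254, that the internal subnet is 10.10.0.0/16 behind Router A's GigabitEthernet0/0, and that Router B reaches the internet via GigabitEthernet0/1. All addresses and interface names are constructed for the example. PBR is applied to traffic entering an interface, so each router only needs to match the direction arriving on that interface; the ACL matches both SMTP directions so the same list can be reused on both routers. The IP SLA tracking is an addition beyond the reply's text: it lets SMTP fall back to normal routing if the filter stops answering, instead of being black-holed.

```cisco
! ---- Common: match SMTP in both directions ----
! Outbound client -> server (dst 25) and the replies (src 25).
ip access-list extended SMTP-TO-FILTER
 permit tcp any any eq smtp
 permit tcp any eq smtp any

! ---- Router A (inside router, 192.0.2.1 on the shared segment) ----
! Track reachability of the FW so PBR is bypassed when it is down.
ip sla 1
 icmp-echo 192.0.2.2 source-ip 192.0.2.1
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability

! SMTP entering from the LAN is handed to the FW as next hop;
! everything else follows the normal default route to Router B.
route-map SMTP-VIA-FILTER permit 10
 match ip address SMTP-TO-FILTER
 set ip next-hop verify-availability 192.0.2.2 10 track 1
route-map SMTP-VIA-FILTER permit 20
 ! empty clause: non-SMTP traffic is routed normally

interface GigabitEthernet0/0
 description LAN side (10.10.0.0/16)
 ip policy route-map SMTP-VIA-FILTER

ip route 0.0.0.0 0.0.0.0 192.0.2.254

! ---- Router B (edge router, eth1 = 192.0.2.254 on the shared segment) ----
ip sla 1
 icmp-echo 192.0.2.2 source-ip 192.0.2.254
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability

! SMTP arriving from the internet is sent to the FW first, so the
! return path is Internet -> B -> FW -> A, matching the forward path
! A -> FW -> B and keeping the stateful filter symmetric.
route-map SMTP-VIA-FILTER permit 10
 match ip address SMTP-TO-FILTER
 set ip next-hop verify-availability 192.0.2.2 10 track 1
route-map SMTP-VIA-FILTER permit 20

interface GigabitEthernet0/1
 description Internet uplink
 ip policy route-map SMTP-VIA-FILTER

! Internal subnet is reached via Router A, as in the reply.
ip route 10.10.0.0 255.255.0.0 192.0.2.1

! ---- Mail filter (FW), vendor-specific syntax, shown as intent ----
! default route      -> 192.0.2.254  (Router B)
! 10.10.0.0/16       -> 192.0.2.1    (Router A)
```

Verify with `show route-map SMTP-VIA-FILTER` (policy-matched packet counters should increase only for SMTP flows) and `show track 1` before and after pulling the filter's cable. Note that with the tracked next hop, a filter outage means SMTP silently bypasses the mail filter; if the policy requires fail-closed behaviour, drop the `verify-availability`/`track` keywords and monitor the filter separately.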
