Below is the network of the customer. The FW is a mail filter solution which our customer recently got. Router A is not capable of doing much; it just forwards to the default gateway, i.e. to eth1 of Router B. Router B is the Cisco router. We want the traffic meant for port 25 to be sent to the FW and the firewall to send the traffic back to Router B. Router B then forwards the traffic to the internet.
The square block is a managed L2 switch. We need to propose a solution:
1> We cannot change anything in the existing design as it is a 24*7 network. No downtime. So we can place the mail filter in the inline mode.
2> Changes can only be done on Router A.
3> We came to know that the FW cannot handle asymmetric routing.
4> If we add a tag to the traffic, will the third-party firewall drop it?
I would recommend configuring Policy Based Routing on Router A (does Router A support it?) and sending the SMTP traffic to the FW as next hop. Then the FW will forward the traffic to Router B. So you overcome the problem of the SMTP traffic going Router B -> FW -> Router B.
Then you also have to configure PBR on Router B to forward the SMTP traffic to the FWL and then the FWL to send this traffic to Router A. The FWL could be configured with a default route pointing to Router B as next hop and a static route with next hop Router A for all the internal subnets.
PBR occurs before routing, so only SMTP traffic, defined by the appropriate ACL, will be routed to the FWL.
All the rest of the traffic will be routed directly A->B, B->A, without passing via the Mail Filter (FWL).
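The PBR design in this answer, written out as an added example (not the answer's own configuration, and assuming both routers run Cisco IOS and support PBR). Interface names and the 192.0.2.x / 198.51.100.x / 10.10.0.0/16 addresses are constructed placeholders. The ACL matches SMTP in both directions (destination port 25 and the source-port-25 replies) so that both halves of every connection cross the FW, which is what keeps the path symmetric for a filter that cannot handle asymmetric routing.

```cisco
! ===== Router A (internal side) =====
! Constructed addressing, not from the thread:
!   FW address facing Router A : 192.0.2.2     (next hop for SMTP from the LAN)
!   Router B eth1              : 192.0.2.1     (Router A default gateway)
!   Internal subnet            : 10.10.0.0/16
ip access-list extended SMTP-BOTH-WAYS
 remark outbound SMTP connections plus the replies to inbound SMTP
 permit tcp any any eq smtp
 permit tcp any eq smtp any
!
route-map SMTP-VIA-FW permit 10
 match ip address SMTP-BOTH-WAYS
 set ip next-hop 192.0.2.2
! Packets that match no clause are routed normally (default route to Router B).
!
interface GigabitEthernet0/0
 description LAN-facing interface (hypothetical name); PBR acts on packets entering here
 ip policy route-map SMTP-VIA-FW
!
! ===== Router B (Cisco, internet side) =====
!   FW address facing Router B : 198.51.100.2  (next hop for SMTP from the internet)
ip access-list extended SMTP-BOTH-WAYS
 remark inbound SMTP connections plus the replies to outbound SMTP
 permit tcp any any eq smtp
 permit tcp any eq smtp any
!
route-map SMTP-VIA-FW permit 10
 match ip address SMTP-BOTH-WAYS
 set ip next-hop 198.51.100.2
!
interface GigabitEthernet0/1
 description Internet-facing interface (hypothetical name); only traffic from the internet is policy-routed
 ip policy route-map SMTP-VIA-FW
! No "ip policy" on eth1: traffic the FW hands back to Router B must take the normal route out.
!
! ===== FW (vendor-specific syntax, shown as intent only) =====
!   default route       -> Router B (192.0.2.1 side)
!   10.10.0.0/16        -> Router A
!
! ===== Verification on either router =====
! show route-map SMTP-VIA-FW   -> "Policy routing matches" counter increases as SMTP flows
! show ip policy               -> confirms the route-map is bound to the intended interface
```

With plain `set ip next-hop`, an FW outage blackholes SMTP rather than falling back to normal routing; IOS offers `set ip next-hop verify-availability` for a tracked fallback, which is worth evaluating against the 24*7 requirement.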