Question : Routing and Switching: VLAN & Traffic Shaping.
Hi All,
Hope this mail finds you all in good health and high spirits.
Coming to my query.
I have in my network:
Internet router: serial going to the leased line.
  E1 connecting to the PIX 515 3FE
  E2 connecting to ADSL 1
  E3 connecting to ADSL 2
  E4 connecting to ADSL 3
Ethernet from router E1 connects to the PIX outside.
PIX inside connects to the proxy ISA server.
Proxy ISA server connects to a CAT 4500 switch with VLAN 10, VLAN 20, VLAN 30, VLAN 40, VLAN 50.
Requirement:
All internet WWW/FTP traffic to go through the ADSL lines.
VLAN 10 to go through ADSL 1, VLAN 20 to go through ADSL 2, VLAN 30, 40, 50 to go through ADSL 3.
Does the network design sound workable? If so, any supporting docs for reference?
Please feel free to email for further queries.
Rgds.
TA
Answer : Routing and Switching: VLAN & Traffic Shaping.
It is absolutely not workable. Since only the T1 connects to the router, the PIX would then have to make all the advanced routing decisions, and it simply does not "do" PBR. The PIX can only have one default route; for example, to send all www->any traffic to DSL 1 means DSL 1 must be the default gateway. Otherwise the destination IP is all that matters, and if that IP does not have a specified route out a specific interface, there is no choice but to toss it out to the default.
If they all connected to the router, then the router could make those types of policy-based decisions and have multiple next hops for specified traffic. Just not the PIX.
If they did all connect to the router and you let the PIX do the NAT, then you can only NAT to the public IP of your primary line, and the router would have to double-NAT all other traffic depending on which interface it goes out. It is easy enough to create separate nat/global pairs for each internal VLAN so that your router knows which VLAN generates the traffic it needs to make routing decisions on.
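As an added example, not part of the original question or answer, here is what the router-side arrangement the answer describes could look like in Cisco IOS configuration: all four WAN links terminate on the router, a policy route-map keyed on the per-VLAN PIX global addresses pins each VLAN's WWW/FTP traffic to one ADSL next hop, and route-map based NAT on the ADSL interfaces provides the second (double) NAT. Every interface name, address and next hop below is an assumption (RFC 5737 documentation ranges); 203.0.113.0/24 is assumed to be the public block on the leased line that the PIX uses for its per-VLAN globals.

```cisco
! Added example (not from the original post): Cisco IOS config for the
! router-side design the answer describes. All interface names and
! addresses are assumptions drawn from the RFC 5737 documentation ranges.
!
! Assumed layout:
!   Serial0    leased line (primary); carries the default route, no NAT here
!   Ethernet1  to PIX outside, 203.0.113.0/24 (public block on the leased line)
!   Ethernet2  ADSL 1, next hop 192.0.2.1
!   Ethernet3  ADSL 2, next hop 198.51.100.1
!   Ethernet4  ADSL 3, next hop 192.0.2.5
! The PIX is assumed to NAT each VLAN to its own global address, so the
! router can tell VLANs apart by source address:
!   VLAN 10 -> 203.0.113.10, VLAN 20 -> 203.0.113.20, VLAN 30/40/50 -> 203.0.113.30
!
! Match only WWW and FTP control traffic from each per-VLAN global address.
ip access-list extended PBR-VLAN10
 permit tcp host 203.0.113.10 any eq www
 permit tcp host 203.0.113.10 any eq ftp
ip access-list extended PBR-VLAN20
 permit tcp host 203.0.113.20 any eq www
 permit tcp host 203.0.113.20 any eq ftp
ip access-list extended PBR-VLAN30-50
 permit tcp host 203.0.113.30 any eq www
 permit tcp host 203.0.113.30 any eq ftp
!
! Policy route-map: each clause sends one VLAN's web/FTP traffic to one ADSL
! next hop. Packets matching no clause are forwarded by the routing table,
! i.e. out the leased line via the default route.
route-map ADSL-PBR permit 10
 match ip address PBR-VLAN10
 set ip next-hop 192.0.2.1
route-map ADSL-PBR permit 20
 match ip address PBR-VLAN20
 set ip next-hop 198.51.100.1
route-map ADSL-PBR permit 30
 match ip address PBR-VLAN30-50
 set ip next-hop 192.0.2.5
!
! Second NAT on the router: translate to the address of whichever ADSL
! interface the packet leaves by, so the ADSL provider's replies return on
! the same link. Traffic leaving Serial0 is not translated again.
route-map NAT-ADSL1 permit 10
 match interface Ethernet2
route-map NAT-ADSL2 permit 10
 match interface Ethernet3
route-map NAT-ADSL3 permit 10
 match interface Ethernet4
ip nat inside source route-map NAT-ADSL1 interface Ethernet2 overload
ip nat inside source route-map NAT-ADSL2 interface Ethernet3 overload
ip nat inside source route-map NAT-ADSL3 interface Ethernet4 overload
!
interface Serial0
 description Leased line (primary)
 ip address 198.51.100.253 255.255.255.252
!
interface Ethernet1
 description To PIX outside
 ip address 203.0.113.1 255.255.255.0
 ip nat inside
 ip policy route-map ADSL-PBR
!
interface Ethernet2
 description ADSL 1
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
interface Ethernet3
 description ADSL 2
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface Ethernet4
 description ADSL 3
 ip address 192.0.2.6 255.255.255.252
 ip nat outside
!
! Everything not policy-routed (all non-WWW/FTP traffic) uses the leased line.
ip route 0.0.0.0 0.0.0.0 Serial0
```

To check that the policy is taking effect, generate some web traffic from each VLAN and look at the per-clause match counters in `show route-map ADSL-PBR` and the translations in `show ip nat translations`; if a clause shows no matches, the PIX is not presenting the source address the ACL expects. One caveat worth knowing: the ACLs match only the FTP control channel (port 21), so passive-mode FTP data connections, which go to ephemeral destination ports, fall through to the leased-line default route unless the ACLs are widened to all TCP from those hosts.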