Multi home 2008 R2 for backup
I'm a novice at the networking side of things so I'll apologize in advance if this is something simple, I've been looking at all sorts of sites and forums and have just been getting more confused so I figured I'd just ask.

I've got a Win 2008R2 server that runs my back ups. That server and the connected storage array are both on my internal network (10.1.x.x) and backing up other machines on the network is fine. However when I try to back up a server on the DMZ (192.x.x.x) I get a huge slow down on the network because it is all going through the firewall (pix).

My thought to avoid this problem is to multi home the back up server and have it connected to both the DMZ and the internal network. My problem is that I'm not sure how to go about this. There are two nic cards on the server so that is not a problem, but the more I read the more confused I got about if I just needed to connect the other nic to the DMZ, do I need to install RRAS, do I need to do both, or is there a different, better way to do this altogether.

If someone could point me in the right direction I'd really appreciate it. Thanks in advance!

Dave
May 2nd, 2011 8:05pm

Hi dsvick1236598,

Thanks for posting here.

> However when I try to back up a server on the DMZ (192.x.x.x) I get a huge slow down on the network because it is all going through the firewall (pix).

Whatever the case, we'd recommend single-homing your Windows backup server. This issue is due to an incorrect setting between the DMZ and your inside network on the PIX. You may start troubleshooting from that. Have you set NAT between the DMZ and the inside network? And what are the entries in the access-list on the PIX?

I think you'd better consult with Cisco first or maybe post to their support forum.

Thanks.

Tiger Li
May 4th, 2011 10:49am

Thanks Tiger, I appreciate your response. I'll head over to the Cisco forums and see what I can learn there, unfortunately I'm just as new at that as I am at the networking question. :)

Dave
May 4th, 2011 3:36pm

Dave, I am sure you have seen that this question is pretty common, but there is not much specific information out there. What you'll find is that routing traffic via certain interfaces is relatively easy. It gets complicated at the higher application levels when you attempt to make the actual connections. You have to consider how your name resolution is set up and other factors.

Also keep in mind that from a security perspective, creating this additional segment, which bypasses the firewall, may be in violation of your organization's security policies. You have to consider that if either box is compromised, they will have a direct link into the network around the firewall.
May 4th, 2011 4:26pm

I've been looking at this for the last couple of days now and am slightly confused now. I'm not sure it is a firewall issue at all. The two servers can communicate and I can run the backups so there is not a problem with the routing through the firewall. In my mind the problem is that the physical path between these two is through the firewall. When I look at my traffic monitor there is a huge spike on the internal interface of the firewall when the backups are running. No matter what I change my firewall rules to, the traffic will still have to go across one or the other of the interfaces so I'll always get the bottleneck at the firewall.

That's why I thought of multi homing the server so that there would be a physical path between it and the servers on the DMZ that would remove the firewall completely. From a security standpoint I can set the firewall on the server to only allow the connections on the ports required by the backup software.

If my understanding of this is completely wrong let me know, but I don't see how to remove the bottleneck by updating the firewall rules. Thanks for your help, I appreciate it!

Dave
May 5th, 2011 3:33pm

You may not be able to remove the bottleneck by adjusting the rule set. It may require that you upgrade the firewall to a model that can handle more traffic. Other options may include upgrading the NIC interface on the Firewall to GB, or "bonding" two or more ports on the firewall back to the switch. For example, having multiple GB connections between the Firewall and the Switch to create a multi-GB trunk. You may also consider running backups during "off-peak" network hours.
May 5th, 2011 4:16pm

Thanks JM. Unfortunately any of those upgrades are out of the question at this time and we already run them during off peak hours. Which is why I was thinking my only solution, while it might not be the best one, is to multi home the backup server.
May 5th, 2011 5:15pm
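
The thread raises two concerns about a dual-homed backup server: it becomes a path around the firewall, and the DMZ-facing NIC should accept only backup traffic. The script below is an added example, not from any poster, showing one way to address both on Windows Server 2008 R2 with `netsh`. The connection names, addresses and port are placeholders, and it assumes the DMZ servers connect inbound to the backup server (check your backup software's documentation for the real direction and ports).

```powershell
# Added example: every value below is a placeholder to replace.
$LanNic     = 'LAN'               # assumed connection name of the internal NIC
$DmzNic     = 'DMZ'               # assumed connection name of the second NIC
$DmzNicIp   = 'DMZ_NIC_IP'        # address you assign to the DMZ NIC
$DmzMask    = 'DMZ_SUBNET_MASK'
$DmzServers = 'DMZ_SERVER_IPS'    # comma-separated addresses of the DMZ backup clients
$BackupPort = 'BACKUP_TCP_PORT'   # port(s) required by the backup software

# Refuse to run until the placeholders have been replaced.
if (($DmzNicIp, $DmzMask, $DmzServers, $BackupPort) -match '^(DMZ|BACKUP)_') {
    throw 'Replace the placeholder values first.'
}

function Invoke-Netsh {
    & netsh.exe @args
    if ($LASTEXITCODE -ne 0) { throw "netsh $args failed ($LASTEXITCODE)" }
}

# 1. Static address on the DMZ NIC with NO default gateway, so the only
#    default route stays on the internal NIC.
Invoke-Netsh interface ipv4 set address name=$DmzNic source=static `
    address=$DmzNicIp mask=$DmzMask gateway=none

# 2. The host must not route between the two networks (RRAS is not needed
#    for multi-homing). Disable forwarding and keep the strong host model.
foreach ($nic in $LanNic, $DmzNic) {
    Invoke-Netsh interface ipv4 set interface name=$nic forwarding=disabled `
        weakhostsend=disabled weakhostreceive=disabled
}
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' `
    -Name IPEnableRouter -Value 0

# 3. Name resolution: no DNS servers on the DMZ NIC and no registration of
#    its address, so internal clients never resolve the server to the DMZ IP.
Invoke-Netsh interface ipv4 set dnsservers name=$DmzNic source=static `
    address=none register=none

# 4. Host firewall on, inbound blocked by default, then a single allow rule
#    scoped to the DMZ NIC address, the DMZ servers and the backup port.
Invoke-Netsh advfirewall set allprofiles state on
Invoke-Netsh advfirewall set allprofiles firewallpolicy 'blockinbound,allowoutbound'
Invoke-Netsh advfirewall firewall add rule name=Backup-From-DMZ dir=in action=allow `
    protocol=TCP localip=$DmzNicIp remoteip=$DmzServers localport=$BackupPort

# Existing allow rules whose local address is "Any" also match the DMZ NIC:
# review them and scope them to the internal address where possible.
Invoke-Netsh advfirewall firewall show rule name=all dir=in
```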

This topic is archived. No further replies will be accepted.
