topic Re: Route Server Access in Network Security

Route Server Access

pablo.arcelcr — Fri, 21 Feb 2020 14:14:22 GMT

I have a FW (2) that have to segments one for data and one for voice (see attched image) and I want that those segments reach the servers segment behind another FW (1) also between the two Firewalls there is L3 switch.

(image attached)

Could you please let me know how can I do the routing and allow that the segments described can reach the server.

Please see attached image.

Thanks

Re: Route Server Access

Maykol Rojas — Thu, 24 Aug 2017 17:10:31 GMT

Hello;

On Firewall 2, you need a route to 10.154.2.0/24 pointing to the L3 switch

On the switch, you need a route pointing 10.1.250.0/24 and 10.1.251.0/24 towards FW 2 (10.2154.242.4)

Also a Route for 10.154.2.0/24 towards FW1 10.154.0.81

On FW you need a route for 10.1.250.0 and 10.1.251.0 towards the Switch

FW2

route <interface_name> 10.154.2.0 255.255.255.0 10.154.242.2

On switch

ip route 10.1.250.0 255.255.255.0 10.154.242.4

ip route 10.1.251.0 255.255.255.0 10.154.242.4

ip route 10.154.2.0 255.255.255.0 10.154.0.81

On FW1

route <interface_name> 10.1.250.0 255.255.255.0 10.154.0.83

route <interface_name> 10.1.251.0 255.255.255.0 10.154.0.83

Mike.

Re: Route Server Access

pablo.arcelcr — Thu, 24 Aug 2017 21:38:40 GMT

These are the interfaces in FW2

GigabitEthernet0/0.134 LMIDATA 10.1.250.1 255.255.255.0 manual
GigabitEthernet0/0.135 LMIVOICE 10.1.251.1 255.255.255.0 manual
GigabitEthernet0/1 INSIDE 10.154.242.4 255.255.255.248 manual
GigabitEthernet0/3 failover 192.168.255.9 255.255.255.252 unset

So the IP route for FW 2 will be

route INSIDE 10.154.2.0 255.255.255.192 10.154.242.2

am I right?

Do I need to do anything else?

Im still not able connect to the Server VLAN from the FW2

Re: Route Server Access

Maykol Rojas — Thu, 24 Aug 2017 23:26:04 GMT

Route looks ok, however you need to make sure you have NAT/ACLs statements to allow that traffic.

Regards;