
implementing loopback & mgt vlans through DMZ

todd.martin-02
Level 1

I need to implement loopback addresses on several devices for management purposes. The trick is that 15 of the devices reside on the external side of a firewall.

Most of the loopback deployments I have done in the past have used a /32 address to maximize IPs.

Problem 1.

My firewalls & loadbalancer sandwich are not running any routing protocols. So I would have to add 15 static host routes in each of the 3 firewalls and 4 loadbalancers. This does not seem like a good solution.

An alternative would be to use a /27 network and then add 1 static route in each of the firewalls and loadbalancers.

I would like to know how some of the forum users are managing DMZ network devices.

2 Replies

smalkeric
Level 6

I think without configuring a routing protocol it is hard to create loopback addresses on devices. You want to create any routing process to accept the new router ID, or reload the router.

Marvin Rhoads
Hall of Fame

The /27 (with an RFC 1918 address space) is probably the most elegant solution.

For higher security connections, I have used a console server (e.g., 1900 series router) with async connections to the consoles of the devices being managed. This isn't good for interactive management (e.g., CW, SNMP status, etc.) but only for remote access to the vty console.