Solved: Route Server Access

pablo.arcelcr · ‎08-24-2017

I have a FW (2) that have to segments one for data and one for voice (see attched image) and I want that those segments reach the servers segment behind another FW (1) also between the two Firewalls there is L3 switch.

(image attached)

Could you please let me know how can I do the routing and allow that the segments described can reach the server.

Please see attached image.

Thanks

Maykol Rojas · ‎08-24-2017

Route looks ok, however you need to make sure you have NAT/ACLs statements to allow that traffic.

Regards;

Mike

View solution in original post

Maykol Rojas · ‎08-24-2017

Hello;

On Firewall 2, you need a route to 10.154.2.0/24 pointing to the L3 switch

On the switch, you need a route pointing 10.1.250.0/24 and 10.1.251.0/24 towards FW 2 (10.2154.242.4)

Also a Route for 10.154.2.0/24 towards FW1 10.154.0.81

On FW you need a route for 10.1.250.0 and 10.1.251.0 towards the Switch

FW2

route <interface_name> 10.154.2.0 255.255.255.0 10.154.242.2

On switch

ip route 10.1.250.0 255.255.255.0 10.154.242.4

ip route 10.1.251.0 255.255.255.0 10.154.242.4

ip route 10.154.2.0 255.255.255.0 10.154.0.81

On FW1

route <interface_name> 10.1.250.0 255.255.255.0 10.154.0.83

route <interface_name> 10.1.251.0 255.255.255.0 10.154.0.83

Mike.

Mike

pablo.arcelcr · ‎08-24-2017

These are the interfaces in FW2

GigabitEthernet0/0.134 LMIDATA 10.1.250.1 255.255.255.0 manual
GigabitEthernet0/0.135 LMIVOICE 10.1.251.1 255.255.255.0 manual
GigabitEthernet0/1 INSIDE 10.154.242.4 255.255.255.248 manual
GigabitEthernet0/3 failover 192.168.255.9 255.255.255.252 unset

So the IP route for FW 2 will be

route INSIDE 10.154.2.0 255.255.255.192 10.154.242.2

am I right?

Do I need to do anything else?

Im still not able connect to the Server VLAN from the FW2

Maykol Rojas · ‎08-24-2017

Route looks ok, however you need to make sure you have NAT/ACLs statements to allow that traffic.

Regards;

Mike