Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
565
Views
0
Helpful
5
Replies

Route Traffic

Go to solution
pablo.arcelcr
Level 1
Level 1

‎08-29-2017 09:51 PM - edited ‎02-21-2020 06:15 AM

Hi.

 

I would like to request some help with the following case I have.

 

I need to route all the Internet traffic to the Router 1.

 

In the Firewall 2 I created the following route 

route 0.0.0.0 0.0.0.0 10.154.242.9 1

 

After that I dont know what else do I need to do the route the traffic.

 

Please advise.

 

Attched you will find a diagram

Labels:
Preview file
44 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎08-30-2017 12:59 AM

Hi there,

According to your diagram, you need to change the route statement to send all internet bound Firewall2 traffic to the WAN Switch VLAN200 SVI :

 

!
ip route 0.0.0.0 0.0.0.0 10.154.242.8 1
!

cheers,

Seb.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎08-30-2017 12:59 AM

Hi there,

According to your diagram, you need to change the route statement to send all internet bound Firewall2 traffic to the WAN Switch VLAN200 SVI :

 

!
ip route 0.0.0.0 0.0.0.0 10.154.242.8 1
!

cheers,

Seb.

0 Helpful

Go to solution
pablo.arcelcr
Level 1
Level 1
In response to Seb Rupik

‎08-30-2017 07:57 AM - edited ‎08-30-2017 08:05 AM

it was my mistake the correctone is the 10.154.242.9 but my concern is what do I route the internet traffic tthru Router 1

0 Helpful

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni
In response to pablo.arcelcr

‎08-30-2017 09:05 AM - edited ‎08-30-2017 09:06 AM

If the routing for the point-to-point segments are correct, then it is probably a case of the subnets connected to Firewall2 not being known by Router1, causing the return traffic to be dropped.

Have you configured a dynamic routing protocol to advetise the subnets from Firewall2 to Router1 via the WAN switch and Firewall1?

 

cheers,

Seb.

0 Helpful

Go to solution
pablo.arcelcr
Level 1
Level 1
In response to Seb Rupik

‎08-30-2017 09:36 AM

I cannot use dynamic only static. But I dont know how to do it

 

Thanks

0 Helpful

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni
In response to pablo.arcelcr

‎08-30-2017 12:57 PM

It is a shame you aren't using a contiguous address block behind Firewall2 which would have enabled us to use a summary route, instead of two static route entries.

I have assumed your firewall interface names are outside and inside. Please change these to suit.

 

At each point in the network where routing occurs you need to ensure the device knows which IP address to forward packets towards.

The static routes you'll need are:

Router1 ::

!
ip route 10.154.2.0 0.0.0.255 10.154.240.17
ip route 10.1.250.0 0.0.0.255 10.154.240.17
!


Firewall1 ::

!
ip route outside 0.0.0.0 0.0.0.0 10.154.240.21
ip route inside 10.154.2.0 255.255.255.0 10.154.0.83
ip route inside 10.1.250.0 255.255.255.0 10.154.0.83
!

WAN Switch ::

!
ip route 0.0.0.0 0.0.0.0 10.154.0.81
ip route 10.154.2.0 0.0.0.255 10.154.242.12
ip route 10.1.250.0 0.0.0.255 10.154.242.12 
!

Firewall2 ::

!
ip route outside 0.0.0.0 0.0.0.0 10.154.242.8
!

cheers,

Seb.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card