NAT Implementation

Hello Friends,

I am going to deploy a network with multiple VLANs. I have been using a Cisco firewall, but this time the customer is short on money, so I had to install a Dell SonicWall firewall there. Now the thing is that I want to add multiple VLANs (2 or more) and want to grant them access to the internet. Please correct me if I am wrong:

1. I will have to create sub-interfaces for each VLAN on the switchport where I will connect the SonicWall, configure that port as a trunk, and configure virtual sub-interfaces on the firewall's (X0) LAN interface?

2. NAT policy: I have multiple subnets and I want to create inbound/outbound NAT policies. What is the best practice?


Marvin Rhoads
Hall of Fame

For the routing you are much better off just creating a small transit VLAN between your core switch and the firewall. Then you only need that one inside interface on the firewall and it serves as the default gateway for the core switch. All non-local traffic from behind the core switch would then be routed outbound through there.

For NAT you can just make a single dynamic NAT policy translating internal addresses to the firewall's public interface. Unless you have scaling or regulatory/legal concerns, that is the quickest and easiest setup.

Okay, so I should create multiple VLANs on the switch and create SVIs for routing, then configure a default gateway that will point towards the firewall's IP, with one separate VLAN between the switch and firewall? So no need to configure the port as a trunk, right?

I will have to configure NAT on the firewall, as there is no option to configure NAT on the Cisco 3850.

Yes, that's correct.

Technically you will be creating a default route on the core switch since it's a L3 switch. It would be a default gateway if the switch were L2 only.

i.e.: 

ip route 0.0.0.0 0.0.0.0 <firewall inside address>

I will try it out. Thank you, Sir.
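The transit-VLAN design discussed in this thread, sketched as a core-switch configuration. This is an added example, not a configuration posted by any participant; the VLAN IDs, names, addresses and interface number are constructed placeholders.

```cisco
! Constructed example: VLAN IDs, names, addresses and the port are assumptions.
! Enable L3 forwarding so the switch routes between its SVIs.
ip routing
!
vlan 10
 name USERS
vlan 20
 name SERVERS
vlan 999
 name FW-TRANSIT
!
! SVIs: each one is the default gateway for hosts in its VLAN.
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 no shutdown
interface Vlan20
 ip address 10.10.20.1 255.255.255.0
 no shutdown
!
! Transit SVI: the only segment shared with the firewall.
interface Vlan999
 ip address 10.255.255.2 255.255.255.252
 no shutdown
!
! Plain access port (no trunk) toward the firewall's inside interface.
interface GigabitEthernet1/0/48
 description To firewall inside interface
 switchport mode access
 switchport access vlan 999
!
! Default route to the firewall's inside address (assumed 10.255.255.1).
ip route 0.0.0.0 0.0.0.0 10.255.255.1
```

Because the internal subnets are no longer directly connected to the firewall, the firewall needs static routes for them pointing at the switch's transit address (10.255.255.2 here), and the source of the dynamic NAT policy has to include those subnets. Traffic between the internal VLANs is routed on the switch and never reaches the firewall, so any filtering between them has to be done with ACLs on the SVIs.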
