
help with routing traffic between external and internal firewall

baselzind
Level 6

In the attached diagram, firewall A is the external firewall used for VPN, and C is the internal firewall with direct connections to the ISP, used for internet access. Users are on VLANs 1, 2, 3 on switch D, the switch is connected to firewall C through a trunk, and on firewall C the interface has subinterfaces for the VLANs connected to switch D. What I need now is to set up VPN on firewall A and let the VPN reach users on switch D in VLANs 1, 2, 3. What I'm planning is to connect firewall A inside to switch B on a VLAN and create an SVI on switch B; then on firewall C I make the B-to-C connection on the same VLAN as the interface on firewall A inside, let's say the IP 1.1.1.1. And in order to let VPN users on firewall A reach users on switch D, I make a static route with gateway 1.1.1.1? Is this correct? Will firewall C route traffic between switch D and firewall A?

 
 

Capture77.PNG


Hi @baselzind 

You don't even need to create an SVI on Switch B. If you make sure the FW-A to SW-B and SW-B to FW-C interfaces are in the same VLAN, the FW-A and FW-B devices will be able to communicate with each other. Therefore, on FW-A define static routes for the SW-B networks (VLAN 1, 2 and 3) with the next hop as the FW-B outside interface. On FW-B define a default static route via FW-A if required.

 

HTH

Thx for the info, but you said to set a static route for VLANs 1, 2, 3 on FW-A for the FW-B outside IP? There is no FW-B, did you mean the FW-C outside interface, which is connected to switch B?

Sorry, yes I meant FW-C. Yes, the outside interface would be the interface connected to SW-B.
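
The routing agreed in this thread can be checked with a small longest-prefix-match model, shown here as an added example that is not part of any post above. It also checks the return path from FW-C to the VPN clients, which falls through to the ISP default route unless FW-C has a route back via FW-A. Assumptions: 1.1.1.1 is taken to be FW-C's interface facing SW-B, and FW-A's inside address, the VLAN subnets, the VPN pool and the ISP gateway are all constructed values.

```python
import ipaddress

# All addresses are constructed for illustration, except 1.1.1.1 (from the post).
FW_C_TRANSIT = "1.1.1.1"    # assumed: FW-C interface facing SW-B
FW_A_INSIDE = "1.1.1.2"     # assumed: FW-A inside interface, same VLAN
ISP_GW = "203.0.113.1"      # assumed: ISP next hop configured on FW-C
VPN_POOL = "10.99.0.0/24"   # assumed: address pool FW-A hands to VPN clients
USER_VLANS = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]  # VLANs 1, 2, 3

def lookup(table, dst):
    """Longest-prefix match; returns the next hop, or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def fw_a_routes():
    """FW-A: static routes for the user VLANs pointing at FW-C."""
    table = {"1.1.1.0/24": "connected", VPN_POOL: "connected"}
    table.update({vlan: FW_C_TRANSIT for vlan in USER_VLANS})
    return table

def fw_c_routes(with_return_route):
    """FW-C: VLAN subinterfaces, ISP default, optional route back to FW-A."""
    table = {"1.1.1.0/24": "connected", "0.0.0.0/0": ISP_GW}
    table.update({vlan: "connected" for vlan in USER_VLANS})
    if with_return_route:
        table[VPN_POOL] = FW_A_INSIDE
    return table

def path_ok(fw_a, fw_c, vpn_client, user_host):
    """Return (forward_ok, return_ok) for one VPN client / user host pair."""
    forward = (lookup(fw_a, user_host) == FW_C_TRANSIT
               and lookup(fw_c, user_host) == "connected")
    back = lookup(fw_c, vpn_client) == FW_A_INSIDE
    return forward, back

if __name__ == "__main__":
    for flag in (False, True):
        fw_c = fw_c_routes(flag)
        fwd, back = path_ok(fw_a_routes(), fw_c, "10.99.0.10", "10.0.2.25")
        print(f"return route on FW-C={flag}: forward ok={fwd}, return ok={back}, "
              f"replies go to {lookup(fw_c, '10.99.0.10')}")
```

The model covers routing only; firewall access rules and any NAT exemption for the VPN traffic still have to permit the flow on both devices.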