Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
280
Views
0
Helpful
8
Replies

COMPLEX ROUTING - NETWORK DESIGN

fmugambi
VIP
VIP

‎10-28-2025 04:10 AM

Hello Team,

I Have a topology as attached.

fmugambi_0-1761649655054.png

Am running ospf area 0 and iBGP.
Need servers to access internet, inside to outside traffic.
there will be incoming ipsec traffic configured on the cisco ftd.
There will as well incoming traffic from the internet to internal servers via the DMZ zone.

Is this design practical?
What do i need to watch out for?
Thank you in advance..

Labels:
0 Helpful
8 Replies 8

Enes Simnica
Spotlight
Spotlight

‎10-28-2025 05:07 AM

@fmugambi gDay to u. And YESSIRRR ur design is practical, it'll work fine as long as u plan routing and NAt carefully. BUT watch out for: Asymmetric routing, NAT Rules, Routing and Policies...

Solid setup G!

-hope it helps!

 

-Enes

more Cisco?!
more Gym?!



If this post solved your problem, kindly mark it as Accepted Solution. Much appreciated!
0 Helpful

fmugambi
VIP
VIP
In response to Enes Simnica

‎10-28-2025 05:21 AM

can i achieve using dynamic routing purely? no static routing at all?

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎10-28-2025 05:16 AM

That is normal. How you do routing is essential for traffic flows and how your traffic engineering needs to work.

Port-channel or trunk and VLAN tag and SVI or Gateway need to be planned accordingly.

 

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

fmugambi
VIP
VIP
In response to balaji.bandi

‎10-28-2025 05:19 AM

you mean its just not forming ospf, there mu be some routing manipulations?

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to fmugambi

‎10-28-2025 05:35 AM

You can do it however you prefer. You need to go into detail on that diagram to LLD to see how your flow needs to be.

 

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

fmugambi
VIP
VIP
In response to balaji.bandi

‎10-28-2025 05:47 AM

any guides i can look into, dynamic routes manipulations,
as i would not wish to use static routing.
I would need to have outbound traffic to internet = svrs->accesssw->coresw->insideftdzone->dmz/outiseftdzone->coresw->ciscoasr->internet.
IPSEC vpn = Internet->ciscoasr->coresw->ipsecftdzone->insideftdzone->coresw->accesssw->svrs
DMZ_traffic =internet->cisoasr->corese->dmzoutsideftdzone->insideftdzone->coresw->accesssw->svrs

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to fmugambi

‎10-28-2025 06:47 AM

Unfortunately, that provides less information, showing only flows. 

As I suggested before, make LLD in Visio and the VLAN and IP address schema, then you will surely come to a solution based on the path, where you need to use IGP/BGP with traffic engineering, route-maps, and prefix lists.

example CVD reference :

https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-campus-lan-wlan-design-guide.html

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents