Buy or Renew
Buy or Renew
Join the Catalyst Center Onboarding Ask Me Anything event happening now!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
780
Views
3
Helpful
7
Replies

IP Design scheme

viniciuscoutinho
Level 1
Level 1

‎07-23-2013 06:30 PM - edited ‎03-04-2019 08:32 PM

Hi Guys,

I would like a help regarding to  IP addresses in our Core Router (Cisco 2911), see the diagram attached.

Currently, we are doing a migration plan of our data center, that's new diagram, but we faced out a problem to set the IP addressES. We have to set an IP between the Core router (Cisco 2960) and the switches (Cisco 2911) to do the communication, but we cannot set the subnet 192.168.1.x, because it's the subnet to the int g/01 192.196.1.5 towards to Firewall and also we cannot change the subnet of our internal network...Switches, Servers

Do you have any idea how to figure out that?

Tks in advance! Vini

Labels:
0 Helpful
7 Replies 7

usasigcis
Level 1
Level 1

‎07-23-2013 07:39 PM

Vini,

first thing first, i recommend you not to publish your real public ip addresses here, you can use xxx on 2nd or 3rd octates to mask it.

when it comes to you problem, you dont have many options,

1) you should change the ip address of the router g0/1 connecting to firewalls , that would be the easiest approach.

2) can you split the /24 into smaller pieces such as 4 x //22 or 2 x /23

3) get rid of the router. just connect switches to firewall pair directly and connect the router to Firewalls which is going to Melbourne/Sydney

0 Helpful

viniciuscoutinho
Level 1
Level 1
In response to usasigcis

‎07-23-2013 09:17 PM

Hi there,

The goal is to control and manage the traffic from Melbourne / Sydney to the Internet that why we placed a router between firewall and WAN/Servers.
The Cisco Router 2911 comes with 3 gigabit ports as standard, the IT system administrator told if we install a module 4-Port Cisco EtherSwitch HWICs, we could set the IP subnet 192.168.1.x... coz it's in a different module...Do you think is that make sense?
Tks for your reply!!!

0 Helpful

usasigcis
Level 1
Level 1
In response to viniciuscoutinho

‎07-23-2013 09:32 PM

no you dont need an extra card.

you can create an bvi on the two ports of the 2911 and connect those two ports to FWs

and connect to sw to ASA directly for 192.168.1.0/24 network. if you dont want to change any address currently existing.

0 Helpful

viniciuscoutinho
Level 1
Level 1
In response to usasigcis

‎07-23-2013 09:59 PM

Ok, it's make sense, but if I connect the ASA firewall directly to the SW, I'll be able to control the traffic/monitor to the network 192.168.1.0/24?...as I mentioned the main goal of the router 2911 is control the traffic between WAN / net 192.168.1.0 and firewall.

0 Helpful

usasigcis
Level 1
Level 1
In response to viniciuscoutinho

‎07-23-2013 10:11 PM

in this case, you squeeze the router in between switch and ASA but re-ip the connection.

ex; ASA inside 10.1.x.1/29 <---> 10.1.x.2/29 Router 192.168.1.1/24 <----> Switch (192.168.1.0/24)

                                                                        (192.168.x.0/24)

                                                                           I

                                                                           I

                                                                      WAN(192.168.x.0/24)

makes sense?

usasigcis
Level 1
Level 1
In response to usasigcis

‎07-23-2013 10:12 PM

please rate if that helped.

Thanks

0 Helpful

viniciuscoutinho
Level 1
Level 1
In response to usasigcis

‎08-06-2013 07:37 PM

As we cannot change any ip address, the best approach is to connect the switches ----> Firewall

Thanks for your help!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card