11-19-2019 11:20 AM
Traffic flow for all the customers now:
VLAN 476 --> R1 (g0/0/0) --> Switch(Port1) --> 4331 (g0/0/1) (NAT) -->Switch(Port22) --> R1 (g0/0/3) --> Internet.
I need to separate Customer X Traffic from all other traffic and customer X traffic should be diverted to Dell device before it goes out to the Internet. I am only worried about how to configure R1, 4331, switch and dell device.
I am attaching the configuration of R1, 4331, and Switch here.
I will appreciate any help on how to separate Customer X Traffic and how the devices need to be configured.
10.10.3.0/29 _ Inside Traffic for Customer X
1.1.1.208/28 _ Outside Traffic for Customer X
Can I use 1.1.1.208/28 since 1.1.1.0/24 is divided into /28 subnets?
Thanks in Advance.
11-19-2019 12:10 PM
Hello
The addressing in the topology doesn't relate to the config in the text file.
@Beast6 wrote:
I will appreciate any help on how to separate Customer X Traffic and how the devices need to be configured.
10.10.3.0/29 _ Inside Traffic for Customer X
1.1.1.208/28 _ Outside Traffic for Customer X
Can I use 1.1.1.208/28 since 1.1.1.0/24 is divided into /28 subnets?
R1
int g0/0/0 - 10.10.2.1
int g0/0/3 - 1.1.1.2/28
Switch
interface GigabitEthernet0/0/1
description MPLS_10.10
ip address 10.10.2.4 255.255.255.240
interface GigabitEthernet0/0/2.700
ip address 1.1.1.4 255.255.255.240
11-19-2019 12:23 PM
Hello @paul driver
The router is configured as Zone-Based.
Right now Inside Zone 10.10.2.0/28
Outside Zone 1.1.1.0/28
I want to use for Customer X
Inside Zone 10.10.3.0/29
Outside Zone 1.1.1.208/28
11-19-2019 01:21 PM
Hello,
I assume that this is not a live network yet? You have three routers using the same IP address space 1.1.1.0/28...
I do not see the logic in your topology, but either way:
You need to create a Vlan interface for the customer X network, and then use policy routing to send the traffic originating from that network to the Dell SecureWorks. So what we need is the configuration, in order, of the devices the customer X traffic passes through. Judging from your drawing, your customer X traffic comes in on R1, but you don't want it to be NATted, but sent to the VRRP routers, and from there to Dell SecureWorks?
11-19-2019 02:47 PM
This is not a live environment yet. I am trying to build the design and configuration right now.
Can I know what I am missing in that topology?
Judging from your drawing, your customer X traffic comes in on R1, but you don't want it to be NATted, but sent to the VRRP routers, and from there to Dell SecureWorks?
Yes, NAT is done on the router 4331.
11-20-2019 06:48 AM
First of all, your R1 router needs to have a different IP address. You could use the next subnet in the 1.1.1.x range, which would be 1.1.1.16/28, so your router would have 1.1.1.17/28.
How is the traffic that is coming from the Dell SecureWorks being sent to the Internet, is it going back to R1 and then out to the Internet?
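The subnet arithmetic behind the two addressing points raised in this thread (whether 1.1.1.208/28 sits on a /28 boundary of 1.1.1.0/24, and which /28 follows 1.1.1.0/28), as an added example that is not part of any post. The addresses come from the thread; the dictionary labels and function names are hypothetical.

```python
import ipaddress

# Addresses taken from the thread; the labels are hypothetical.
PARENT = ipaddress.ip_network("1.1.1.0/24")
IN_USE = {
    "outside_zone": ipaddress.ip_network("1.1.1.0/28"),
    "inside_zone": ipaddress.ip_network("10.10.2.0/28"),
}
PROPOSED = {"custx_outside": "1.1.1.208/28", "custx_inside": "10.10.3.0/29"}

def check_block(cidr, in_use):
    """Return a list of problems with a proposed block (empty list = no clash)."""
    try:
        # strict=True rejects host bits, i.e. a block not on its own boundary
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        aligned = ipaddress.ip_network(cidr, strict=False)
        return [f"{cidr} is not on a subnet boundary (it falls inside {aligned})"]
    return [f"{net} overlaps {name} {used}"
            for name, used in in_use.items() if net.overlaps(used)]

def slot_in_parent(cidr, parent=PARENT):
    """Zero-based index of a block among the equal-size subnets of parent."""
    net = ipaddress.ip_network(cidr)
    if not net.subnet_of(parent):
        return None
    return list(parent.subnets(new_prefix=net.prefixlen)).index(net)

def next_free(parent, prefixlen, in_use):
    """First subnet of the given size in parent that overlaps nothing in use."""
    for cand in parent.subnets(new_prefix=prefixlen):
        if not any(cand.overlaps(used) for used in in_use.values()):
            return cand
    return None

if __name__ == "__main__":
    for name, cidr in PROPOSED.items():
        print(name, cidr, check_block(cidr, IN_USE) or "no overlap, aligned")
    print("index of 1.1.1.208/28 in 1.1.1.0/24:", slot_in_parent("1.1.1.208/28"))
    print("next unused /28:", next_free(PARENT, 28, IN_USE))
```

The check covers alignment and overlap only; whether a block is actually routed to the site is a matter for the provider's assignment.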
11-20-2019 08:09 AM
Router R1 belongs to our ISP which sends traffic to 4331 where NAT takes place and sends the traffic back to R1 which then goes out to the internet.
R1 - ISP Router
4331 - Belongs to us (NAT,ZBF)
2921 - Failover
Does this answer your question of why it is having 1.1.1.2/28?
How is the traffic that is coming from the Dell SecureWorks being sent to the Internet, is it going back to R1 and then out to the Internet?
Yes.
Below is the configuration I was thinking of; please advise.
Router R1 - int g0/0/2 - 10.10.3.1/29
Router 4331:
Conf t
interface GigabitEthernet0/0/0
description MPLS_CustomerX
ip address 10.10.3.2 255.255.255.248
zone-member security E_FW_INSIDE_ZONE
no shut
end
ip route 192.168.20.0 255.255.255.0 10.10.3.1
.
.
.
I should create a new VLAN on the switch, considering it as VLAN 2
Assign Ports 7,8 for VLAN 2
R1 Port g0/0/2 --> Port 7 on Switch
4331 Port g0/0/0 --> Port 8 on Switch
Switch:
conf t
interface GigabitEthernet1/0/7
description R1 CustomerX_Interface
switchport mode access
switchport access vlan 2
interface GigabitEthernet1/0/8
description 4331 CustomerX_Interface
switchport mode access
switchport access vlan 2
end
After this NAT takes place in 4331
ip nat inside source static 192.168.20.2 1.1.1.X
I am stuck here: how do I configure 4331 and Dell to send this 1.1.1.X traffic from 4331-->Dell and from Dell back to R1 to go out to Internet?
Thanks in advance.