Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
688
Views
0
Helpful
6
Replies

Need help with the Configuration.

Beast6
Level 1
Level 1

‎11-19-2019 11:20 AM

Traffic flow for all the customers now:

VLAN 476 --> R1 (g0/0/0) --> Switch(Port1) --> 4331 (g0/0/1) (NAT) -->Switch(Port22) --> R1 (g0/0/3) --> Internet.

 

I need to separate Customer X Traffic from all other traffic and customer X traffic should be diverted to Dell device before it goes out to the Internet. I am only worried about how to configure R1, 4331, switch and dell device.

 

I am attaching the configuration of R1, 4331, and Switch here.

 

I will appreciate any help on how to separate Customer X Traffic and how the devices need to be configured.

10.10.3.0/29 _ Inside Traffic for Customer X

1.1.1.208/28 _ Outside Traffic for Customer X

Can I use 1.1.1.208/28 since 1.1.1.0/24 divided into /28 subnet?

 

Thanks in Advance.Design.JPG

 

Labels:
Preview file
3 KB
0 Helpful
6 Replies 6

paul driver
VIP
VIP

‎11-19-2019 12:10 PM

Hello

The addressing in the topology doesn't relate to the config in the text file.

@Beast6 wrote:

 

I will appreciate any help on how to separate Customer X Traffic and how the devices need to be configured.

10.10.3.0/29 _ Inside Traffic for Customer X

1.1.1.208/28 _ Outside Traffic for Customer X

Can I use 1.1.1.208/28 since 1.1.1.0/24 divided into /28 subnet?

R1

int g0/0/0 - 10.10.2.1

int g0/0/3 - 1.1.1.2/28

Switch

interface GigabitEthernet0/0/1

description MPLS_10.10

ip address 10.10.2.4 255.255.255.240

 

interface GigabitEthernet0/0/2.700

ip address 1.1.1.4 255.255.255.240


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Beast6
Level 1
Level 1
In response to paul driver

‎11-19-2019 12:23 PM

Hello @paul driver 

 

The router is configured as Zone-Based.

Right now Inside Zone 10.10.2.0/28

Outside Zone 1.1.1.0/28

 

I want to use for Customer X

Inside Zone 10.10.3.0/29

Outside Zone 1.1.1.208/28

0 Helpful

Georg Pauwen
VIP
VIP

‎11-19-2019 01:21 PM

Hello,

 

I assume that this is not a live network yet ? You have three routers using the same IP address space 1.1.1.0/28...

 

I do not see the logic in your topology, but either way:

 

You need to create a Vlan interface for the customer X network, and then use policy routing to send the traffic originating from that network to the Dell SecureWorks. So what we need is the configuration, in order, of the devices the customer X traffic passes through. Judging from your drawing, your customer X traffic comes in on R1, but you don't want it to be NATted, but sent the the VRRP routers, and from there to Dell SecureWorks ?

0 Helpful

Beast6
Level 1
Level 1
In response to Georg Pauwen

‎11-19-2019 02:47 PM

Hi @Georg Pauwen 

 

This is not a live environment yet. I am trying to build the design and configuration right now.

 

Can I know what am I missing in that topology?

 

Judging from your drawing, your customer X traffic comes in on R1, but you don't want it to be NATted, but sent the VRRP routers, and from there to Dell SecureWorks?

Yes, NAT is done on the router 4331.

0 Helpful

Georg Pauwen
VIP
VIP
In response to Beast6

‎11-20-2019 06:48 AM

First of all, your R1 router needs to have different IP address. You could use the next subnet in the 1.1.1.x range, which would be 1.1.1.16/28, so you router would have 1.1.1.17/28.

 

How is the traffic that is coming from the Dell SecureWorks being sent to the Internet, is it going back to R1 and then out to the Internet ?

 

 

0 Helpful

Beast6
Level 1
Level 1
In response to Georg Pauwen

‎11-20-2019 08:09 AM

Hi @Georg Pauwen 

 

Router R1 belongs to our ISP which sends traffic to 4331 where NAT takes places and sends the traffic back to R1 which then goes out to the internet.

R1 - ISP Router

4331 - Belongs to us (NAT,ZBF)

2921 - Failover

Does this answer your question of why it is having 1.1.1.2/28?

 

How is the traffic that is coming from the Dell SecureWorks being sent to the Internet, is it going back to R1 and then out to the Internet?

Yes.

 

Below is the configuration I was thinking of please advise.

Router R1 - intg0/0/2 - 10.10.3.1/29

Router 4331:

Conf t
interface GigabitEthernet0/0/0
description MPLS_CustomerX
ip address 10.10.3.2 255.255.255.248
zone-member security E_FW_INSIDE_ZONE
no shut
end


ip route 192.168.20.0 255.255.255.0 10.10.3.1
.
.
.

I should create a new VLAN on switch Considering it as VLAN 2
Assign Ports 7,8 for VLAN 2

 

R1 Port g0/0/2 --> Port 7 on Switch
4331 Port g0/0/0 --> Port 8 on Switch

 

Switch:

conf t
interface GigabitEthernet1/0/7
description R1 CustomerX_Interface
switch port mode access
switchport access vlan 2

interface GigabitEthernet1/0/8
description 4331 CustomerX_Interface
switch port mode access
switchport access vlan 2
end

 

After this NAT takes places in 4331

ip nat inside source static 192.168.20.2 1.1.1.X

 

I am stuck here how do I configure 4331 and Dell to send this 1.1.1.X traffic from 4331-->Dell and from Dell back to R1 to go out to Internet?

 

Thanks in advance.

 

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card