Solved: Routing To Firewall - Page 2

NetworkGuy! · ‎09-30-2019

Hello

This is my topology as attached. I have site A (Switch A) connected to FW (all same subnet)

I know have Site B (Switch B) connecting to Site A (Switch A) however I want only 1 subnet out of Site B (10.20.100.0/24) behind Site A firewall - is this possible?

Jon Marshall · ‎10-01-2019

Just to add, as Paul says it will work, but you need to modify your next hops ie. you cannot have a static route on switch B pointing to the firewall IP, it needs to point to switch A's IP and then switch A has a route to the firewall and the same for routes from the firewall back.

Unless of course you are using EIGRP in the VRF as well in which case it will work.

Jon

NetworkGuy! · ‎10-01-2019

Thanks Paul and Jon - now I have limited fibre connectivity between Switch A and Switch B

So can I do a L3 port-channel between two multilayer switches

example:

Switch A

port3.254

ip address 10.10.254.1 255.255.255.252

Port 3.253

ip address 10.10.253.4 255.255.255.252

vrf Test

Switch B

port3.254

ip address 10.10.254.2 255.255.255.252

Port 3.253

ip address 10.10.253.5 255.255.255.252

vrf Test

will the above work with VRF config?

Jon Marshall · ‎10-01-2019

Yes that should work fine.

Jon