Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
244
Views
0
Helpful
3
Replies

3560 Route Map

Go to solution
Stacey Hummer
Level 1
Level 1

‎03-11-2015 06:19 AM - edited ‎03-07-2019 11:02 PM

So, we are setting up a new ASA firewall, we currently have a Juniper firewall.

What I am trying to do is map on our core switch (3560) that any traffic from our mail server (inside) gets forwarded to the Juniper and all other traffic goes out the ASA. I know this shouldn't be hard and I'm probably over thinking it but I would appreciate any help.

 

So Juniper internal ip 10.2.0.1 mail server 10.2.0.92

ASA firewall internal ip 10.3.0.10

All traffic goes threw the 3560 @ 10.2.0.2 but the juniper is on one port and the ASA is on another port.

 

Thanks in advance

Stacey

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-11-2015 06:32 AM

Hi Stacey

Normally you would use PBR for this but the mail server is in the same IP subnet as the Juniper assuming a /24 subnet mask.

Which would mean if you used PBR you would be sending traffic back out of the same interface it came in on ie the mail server sends traffic to it's default gateway on the 3750 and then the 3750 has to send it back out the same SVI because the Juniper is in the same subnet.

This may or may not work, I have seen both with L3 switches when you try this.

Is there any reason the default gateway of the mail server could not be changed to the Juniper firewall ?

Jon

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-11-2015 06:32 AM

Hi Stacey

Normally you would use PBR for this but the mail server is in the same IP subnet as the Juniper assuming a /24 subnet mask.

Which would mean if you used PBR you would be sending traffic back out of the same interface it came in on ie the mail server sends traffic to it's default gateway on the 3750 and then the 3750 has to send it back out the same SVI because the Juniper is in the same subnet.

This may or may not work, I have seen both with L3 switches when you try this.

Is there any reason the default gateway of the mail server could not be changed to the Juniper firewall ?

Jon

 

0 Helpful

Go to solution
Stacey Hummer
Level 1
Level 1
In response to Jon Marshall

‎03-11-2015 06:40 AM

Jon,

Thanks for the info, yes, I didn't think about just changing the default gateway on the mail server itself. I will give that a go.
 

0 Helpful

Go to solution
Stacey Hummer
Level 1
Level 1
In response to Jon Marshall

‎03-11-2015 11:36 AM

Jon,

 

Thanks for the help, just changed the default gateway on the servers.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card