I have a cisco 2921. I have 2 networks that has its own router
192.168.1.0 network is connected to watchguard firewall
192.168.9.0 network is connected to the cisco 2921 router.
I want to connect the 2 subnet using one of the interface of the cisco router. Does anyone have any suggestion on how I can get this work? It is not connected via vpn tunnel but we want to have LAN speed when accessing resources on both network. Each network is connected to a dell switch.
I appreciate any input and help.
Right now the two networks has a tunnel setup and they have communications between the two via vpn/wan link. We ended up staying as one company for the meantime. The existing connection is slow when we transfer files since we are going over the WAN link. We want to be able to get LAN speed. Since both routers are in the same physical location I figured there is a way to bridge or make the 2 subnet talk to each other without going through the WAN to communicate with each other.
The cisco router has g0/2 available at the moment. Is there a way to link the 2 subnet via ethernet port? both LAN 9.x and 1.x network is connected to a dell switch in their respective subnet.
Please see topology I have composed... Is this accurate?(Ignore the poor attempt, no Visio on this laptop)
Now if the above is correct What is is the model of router you are using to connect to the internet(in my topology GW Router).
I am thinking if the GW Router is unmanaged, you should be able to simply place a crossover cable between then and implement a routing protocol & Retire the WAN link(For data transfer)
Please correct me if I have mis-read your explination.
Liam, Thanks for the response.
The Watchguard has a WAN connection via tw telecome on port 0, port 1 is connected to the dell switch which consist of the LAN on the 192.168.1.x network
Cisco router has a WAN connection on the wan link interface and G 0/1 is connected to a dell switch which consist of the 192.168.9.x network.
Both network has a VPN tunnel so the can communicate right now but the link is slow because it has to go through the internet to communicate. Since the company is not ready to become its own company they decided to stay in the same building. We want to be able to get LAN speed connection between the two network.
There are ports available on both the watchguard and Cisco router. Is it possible to link the two using one of the ethernet ports of the cisco router? Is suppernetting an option though I havent done one yet, VLAN, Bridge? Again, I appreciate any help.
Got a better understanding now So my diagram is accurate except for the GW Router, your WATCHGUARD connects directly to the internet. Correct?
You would not be able to bridge the two networks because they are two totally different subnets(Or im not aware of how to do it.) I know you can bridge multiple routers into a single broadcast domain so they act like switches but again thats within a single subnet.
I would approach it by implementing a dynamic routing protocol between the 2921 & the watchguard firewall. I know the 2921 supports dynamic routing protocols & I can help you configure that side of things, however I do not have any background in watchguard. Do you manage, have any experience configuring these?
If so take a dynmaic protocol like OSPF or RIPv2 & advertise the directly connected networks on each device.
an example. we will use the network 220.127.116.11/30 to connect the two units.(directly connected via crossover cable)
so the watchguard would need to advertise the following networks:-
And the 2921 would need to advetise:-
The great thing about this, is that aslong as you are not doing any funky static routes you can implement this with very little change to the current configuration.
Heres an example of RIP & OSPF
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 18.104.22.168 255.255.255.252
Router(config)#interface fastEthernet 0/1
Router(config-if)#ip address 192.168.9.1 255.255.255.0
Router(config)#router ospf 1
Router(config-router)#network 22.214.171.124 0.0.0.255 area 0
Router(config-router)#network 192.168.9.0 0.0.0.255 area 0
Again when you mirror this configuration on the watchguard if you use RIP, ensure your watchguard is configured for version2. If you use OSPF ensure the process ID is 1 & that the interfaces are within area 0 or they will not negociate.
If the watchguard does not support routing protocols buy/place another cisco router infront of the FW and ill help you get them talking
Yes your diagram was spot on. Thanks for putting that together. The Watchguard is able to use Dynamic routing protocol RIP and OSPF. I will find more info on how to get it configured. I have 1 available port in the cisco router so I can use that to configure it. I will try this and get back to you. Are there any other configuration that I need to do on the 2921 to get it to work or above commands will do?
Yes the above examples can pretty much be copy and pasted. Obviously use either/or on the RIP/OSPF.
ofcourse on your 2921 you will have gig ports so the commands will be interface 'gigabitethernet 0/x' insted of 'fastethernet 0/x'
Also your port to connect to the FW will be g0/2 not 0/0 as in my example. So just be careful with the code before you paste it or you may bring interfaces down
I would proberly use RIPv2 for this scienario as it is simple & easy to troubleshoot if you run into any problems.
Let me know how you get on! If you run into any teething problems let me know.
Here is a pic to help illustrate what I have discussed.
One final note, before implementing anything discussed, please take full backups of both devices and try to test this in a controlled environment first!
Disclaimer:- All information provided is free of charge and advisory. Therefore all information provided should be tested and verified before implementation. I take no responsibility for any downtime caused by this information.
One thing I am verifying as we speak. Is be careful you don't introduce a routing loop. Im not sure it will but better safe then sorry
As packet flow can now leave the watchguard(Via WAN) Enter Router Via(WAN) then be passed over the crossover. What I would be keen to do is when testing bring down the S2S VPN this will mitigate any potential routing loops
Appeciate it. Yes, Thats how I am testing the connection by bringing down the WAN interface on the cisco router. We will disable the tunnel once we get this up and running.
There is no need to configure an ACL. By default the dynamic routing protocol will route all traffic between subnets. You will only need to consider an ACL if you want to deny certain traffic from one subnet to another for example.
How are you getting along?
Sent from Cisco Technical Support Android App