Firewall as the gateway - Page 2

nelba_aldovino · ‎07-12-2010

Hi All,

Is it possible that the firewall will be your gateway but you have inter vlan routing as well?

How will i configure the L3 switch to do that situation?

Nagaraja Thanthry · ‎07-13-2010

Hello,

In order to allow certain hosts from VLAN3/4 to access internet via the firewall, please try the following configuration:

On the firewall:

route inside 192.168.3.0 255.255.255.0 192.168.2.1

route inside 192.168.4.0 255.255.255.0 192.168.2.1

global (outside) 1 interface

nat (inside) 1 192.168.3.0 255.255.255.0

nat (inside) 1 192.168.4.0 255.255.255.0

On the Switch:

ip routing

ip route 0.0.0.0 0.0.0.0 192.168.2.2 (Firewalls IP)

access-list 103 permit ip host any

access-list 103 permit ip any 192.168.0.0 0.0.255.255

access-list 103 deny ip any any

access-list 104 permit ip host any

access-list 104 permit ip any 192.168.0.0 0.0.255.255

access-list 104 deny ip any any

interface VLAN 3

ip access-group 103 in

exit

interface VLAN 4

ip access-group 104 in

exit

In the above example, the firewall is allowing only certain hosts (IP1, IP2) to access internet and everybody else is blocked from internet access. You can add additional lines as necessary.

Hope this helps.

Regards,

NT

nelba_aldovino · ‎07-13-2010

Hi All,

I'll try all your recommendations.

Just another question, do you know any software that i may use to

try the configuration and connection of my figure.

Since packet tracer has no ASA devices only switches, routers, hubs, etc.

There is no ASA or other firewall devices.

thank you so much to all.

Nagaraja Thanthry · ‎07-13-2010

Hello,

You can try GNS3 as long as you have access to appropriate images.

http://www.gns3.net/

Regards,

NT

nelba_aldovino · ‎07-14-2010

thank you

Nagaraja Thanthry · ‎07-14-2010

Hello,

Glad that we could help. If your issues are addressed, can you please mark the question as answered in the forum so that other users can use it.

Thanks,

NT