How best to steer particular subnet traffic out new firewall
Question: How best to steer particular 192.168.X.0 /24 subnet traffic out through the new firewall to the Internet?
Internal network uses OSPF to include inside interface of ASA 5585X firewall. The ASA has a static route 0.0.0.0 /0 pointing to the edge router which is also redistributed into OSPF. The edge router has a static route 192.168.0.0 /22 pointing to the ASA. A new firewall has been installed in the network with its inside interface participating in OSPF.
On the edge router a more specific route, 192.168.X.0 /24, can be added that points to the new firewall. On the new firewall a static route 0.0.0.0 /0 can be added that points to the edge router and NOT redistributed into OSPF.
You can also create a VRF on your switch and put the 192.168.x.0/24 interface and the internal interface of your new firewall in that VRF. Then you just need to configure a default route in that VRF toward the new firewall's internal interface. In this way, you can isolate the network traffic of 192.168.X.0/24 on your switch.
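The routing in this thread, modelled as an added example (not code from either poster): it applies longest-prefix match to the edge router's static routes and checks that a flow leaves and returns through the same stateful firewall. Assumptions: 192.168.2.0/24 stands in for 192.168.X.0/24, the table names and the 203.0.113.5 destination are constructed, and the internal default outside the VRF still points at the ASA.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), hop)
               for prefix, hop in table.items()
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None  # no covering route: the packet would be dropped
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed route tables (assumption: X = 2).
EDGE_BEFORE = {"192.168.0.0/22": "ASA"}                 # edge router today
EDGE_AFTER = {"192.168.0.0/22": "ASA",                  # existing /22
              "192.168.2.0/24": "NEW_FW"}               # added more specific /24
CORE_GLOBAL = {"0.0.0.0/0": "ASA"}                      # OSPF default redistributed by the ASA
CORE_VRF = {"0.0.0.0/0": "NEW_FW"}                      # default inside the dedicated VRF

def flow_paths(core_table, edge_table, src, dst):
    """Return (firewall used outbound, firewall used for the reply)."""
    outbound = lookup(core_table, dst)   # inside network toward the Internet
    inbound = lookup(edge_table, src)    # edge router back toward the host
    return outbound, inbound

def is_symmetric(core_table, edge_table, src, dst):
    """Stateful firewalls need both directions of a flow on the same device."""
    outbound, inbound = flow_paths(core_table, edge_table, src, dst)
    return outbound is not None and outbound == inbound

if __name__ == "__main__":
    host, peer = "192.168.2.10", "203.0.113.5"
    for name, core in (("global table", CORE_GLOBAL), ("VRF", CORE_VRF)):
        out, back = flow_paths(core, EDGE_AFTER, host, peer)
        print(f"{name}: out via {out}, back via {back}, "
              f"symmetric={is_symmetric(core, EDGE_AFTER, host, peer)}")
```

In this model the /24 on the edge router only steers return traffic; the outbound leg follows whichever default route the subnet's routing table holds.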