04-29-2011 07:01 AM - edited 03-06-2019 04:51 PM
Hello all,
I'm facing a challenge. Please check the attachment.
From a remote network I want to be able to reach MngNetwork, which is behind the firewall. All devices on this network have the firewall as their gateway.
The challenge: before the firewall there is a 4507 layer 3 switch which I want to have an IP on that network. This creates a connected route on the switch which routes the packets to that network. When the devices reply, the firewall blocks because it did not receive the initial request.
Is there any way I can make the packets go from the computer to the network and back through the firewall and keep the IP address on the switch?
I also want connections initiated from the switch NOT to go through the firewall and to use the connected route.
The switch is just a backup in case of any problem with the firewall.
Things I tried:
1. Create a static route to smaller subnets of MngNetwork. That has the problem of reaching the switch IP and connecting to the network from the switch.
2. A loopback interface on the switch and eliminate the other interface. This makes the network and switch IP reachable, but traffic goes through the firewall.
Thanks all
04-29-2011 07:54 AM
conf t
!---Define traffic to redirect
ip access-list extended reroute
permit ip host 10.1.1.7 192.168.2.0 0.0.0.255
deny ip any any
exit
!---Define redirection
route-map RouteMgt permit 10
match ip address reroute
set ip next-hop 192.168.2.2
exit
!---Apply to vlan
int vlan 10
ip policy route-map RouteMgt
exit
That should do it.
Please rate this post if it helps.
05-01-2011 02:00 AM
Hi Antonio thanks for your response,
I'm not familiar with, nor do I really have experience with, route-maps and PBR, so I didn't really think about it, but your post sparked some ideas.
Just to be clear, where would this route-map be applied (referring to my drawing)? Would it be in the 4507? What is it you considered "the first router behind the firewall"?
But from that a route-map could be created like below (suppose 192.168.100.254 is the firewall address connected to the 4507 switch and 192.168.2.2 is the 4507 MngNetwork IP):
conf t
!---Define traffic to redirect.
ip access-list extended reroute
deny ip host 10.1.1.7 192.168.2.2 0.0.0.0
permit ip host 10.1.1.7 192.168.2.0 0.0.0.255
deny ip any any
exit
!---Define redirection
route-map RouteMgt permit 10
match ip address reroute
set ip next-hop 192.168.100.254
exit
!---Apply to vlan
int vlan 10
ip policy route-map RouteMgt
exit
What do you think?
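The two route-maps above differ only in their ACL, and whether a flow is policy-routed comes down to IOS first-match ACL evaluation: a permit entry means the route-map's "set ip next-hop" applies, while a deny entry (or no match, via the implicit deny) means the packet falls through to normal routing. The following added example is not part of either post or of Cisco's software; it is a small simulator that parses the two access lists exactly as posted in this thread (addresses 10.1.1.7, 192.168.2.0/24, 192.168.2.2 and the next hops 192.168.2.2 and 192.168.100.254 are the thread's own values), applies wildcard-mask matching, and reports which constructed sample flows would be redirected to the firewall and which would keep the switch's connected route. It shows the effect of the extra "deny ... 192.168.2.2" line in the second ACL: management traffic to the switch's own address stays on normal routing, while the rest of MngNetwork is steered to the firewall.

```python
"""Simulate IOS extended-ACL first-match and route-map PBR for the thread's two access lists.
Added illustration only; not Cisco code. All flows below are constructed sample values."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class AclEntry:
    action: str     # "permit" or "deny"
    src: str        # source base address
    src_wild: str   # source wildcard (0 bits must match, 1 bits are don't-care)
    dst: str
    dst_wild: str

def _parse_addr(tok: List[str], i: int) -> Tuple[str, str, int]:
    """Consume one IOS address spec at tok[i]: 'any', 'host A', or 'A WILDCARD'."""
    if tok[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tok[i] == "host":
        return tok[i + 1], "0.0.0.0", i + 2
    return tok[i], tok[i + 1], i + 2

def parse_acl(text: str) -> List[AclEntry]:
    """Parse 'permit ip ...' / 'deny ip ...' lines; header, comments and 'exit' are skipped."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok or tok[0] not in ("permit", "deny"):
            continue
        if tok[1] != "ip":
            raise ValueError(f"only 'ip' entries are handled here: {line}")
        src, sw, i = _parse_addr(tok, 2)
        dst, dw, _ = _parse_addr(tok, i)
        entries.append(AclEntry(tok[0], src, sw, dst, dw))
    return entries

def _wild_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: bits that are 0 in the wildcard must be equal."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_lookup(acl: List[AclEntry], src: str, dst: str) -> str:
    """First matching entry wins; an extended ACL ends with an implicit deny."""
    for e in acl:
        if _wild_match(src, e.src, e.src_wild) and _wild_match(dst, e.dst, e.dst_wild):
            return e.action
    return "deny"

def pbr_next_hop(acl: List[AclEntry], set_next_hop: str, src: str, dst: str) -> Optional[str]:
    """route-map <name> permit 10 / match ip address <acl> / set ip next-hop <hop>:
    an ACL permit policy-routes the packet to <hop>; a deny or no match returns None,
    meaning the packet uses the normal routing table (here, the switch's connected route)."""
    return set_next_hop if acl_lookup(acl, src, dst) == "permit" else None

# Access lists copied from the two posts above (first reply, then the questioner's variant).
ACL_FIRST_REPLY = """
ip access-list extended reroute
permit ip host 10.1.1.7 192.168.2.0 0.0.0.255
deny ip any any
exit
"""
ACL_SECOND_POST = """
ip access-list extended reroute
deny ip host 10.1.1.7 192.168.2.2 0.0.0.0
permit ip host 10.1.1.7 192.168.2.0 0.0.0.255
deny ip any any
exit
"""
NEXT_HOP_FIRST = "192.168.2.2"        # first reply's set ip next-hop
NEXT_HOP_SECOND = "192.168.100.254"   # firewall address assumed in the second post

# Constructed sample flows: (source, destination). 192.168.2.50 is a made-up MngNetwork host.
SAMPLE_FLOWS = [("10.1.1.7", "192.168.2.50"), ("10.1.1.7", "192.168.2.2"), ("10.1.1.8", "192.168.2.50")]

def classify(acl_text: str, next_hop: str, flows=SAMPLE_FLOWS) -> dict:
    """Map each flow to the next hop PBR would set, or None for normal routing."""
    acl = parse_acl(acl_text)
    return {f: pbr_next_hop(acl, next_hop, *f) for f in flows}

if __name__ == "__main__":
    for label, text, hop in (("first reply", ACL_FIRST_REPLY, NEXT_HOP_FIRST),
                             ("second post", ACL_SECOND_POST, NEXT_HOP_SECOND)):
        print(f"--- {label} ---")
        for flow, result in classify(text, hop).items():
            print(f"{flow[0]} -> {flow[1]}: {'PBR to ' + result if result else 'normal routing'}")
```

Running it shows that with the second ACL a packet from 10.1.1.7 to 192.168.2.2 is not redirected (normal routing, so the switch's own address stays reachable), while 10.1.1.7 to any other 192.168.2.x host gets next hop 192.168.100.254, and traffic from other sources is untouched by the route-map.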