Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
382
Views
0
Helpful
2
Replies

I need advice

anthony.guiet
Level 1
Level 1

‎12-31-2013 02:24 AM - edited ‎03-07-2019 05:19 PM

Hello,

I come to you with a problem that I thought simple but is more complicated than expected for me.

And as a scheme is better than a long explanation :

Mise en place LAN 7 et 8.jpg

In my office, I have two companies must be separated on the network but have the same Internet connection and must go to the same corporate network. Basically I was thinking of doing as shown but my problem is that I can not add the same route to two gateway on the ASA 5505.

Someone have a solution for this type of need ?

Thank you in advance

Anthony

Labels:
0 Helpful
2 Replies 2

Collin Clark
VIP Alumni
VIP Alumni

‎12-31-2013 05:06 PM

Anthony-

The way I see it you have two options;

1) re-number one of the 192.168.18.0 networks or

2) NAT on one of the Dell switches (I don't know if that is supported or not)

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎01-01-2014 06:12 AM

Anthony

If you can readdress as Collin suggests that would probably be the easiest thing to do.

But it's not clear from your diagram exactly how things works. In the DC vlans 17 & 18 exist on the switch shown.  This switch is connected to a switch in the office site. But your diagram does not make it clear whether the office switch has vlans 17 and 18 on it as well.

If it does, then what is the interconnect configured as ? If it is a trunk allowing vlans 17 & 18 across then -

a) you cannot use NAT on the switches (even if supported)

and

b) you have effectively merged the vlans together in each site with the same IP subnets. This could create problems ie. 192.168.17.10 arps out for 192.168.17.20 and would get 2 replies ie. one from the local host in the same site but then one from the remote 192.168.17.20 in the other site.

It looks like the routing for each subnet is done via the respective ASA so it is only going to be a problem within the same vlan but you need to avoid it.

So the questions are -

1) how is the office switch actually setup ie. is it the same as the DC switch

2) what is the interconnect between the switches configured as ie. an access port link (if so which vlan), a trunk link

Because the routing looks to be done on each ASA is it safe to assume that the switches are only acting as L2 devices ie. neither of the switches have any inter vlan routing on them ?

Finally, depending on which subnets need to communicate with each other between sites it may be possible to use NAT on each ASA before packets are sent to the other site but it really is dependant on how the switch connectivity works.

Even if you readdress you still need to pay attention to the switch connectivity because you could still be merging vlans together, just with different IP subnets.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card