Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
283
Views
0
Helpful
2
Replies

IOS Firewall Feature Set - LAN P2P routing

miked
Level 1
Level 1

‎06-01-2015 08:36 AM - edited ‎03-08-2019 12:17 AM

I have a point to point connection to install in a customers LAN with a private router at each location of the circuit. This customer has an IOS firewall/gateway as opposed to an ASA or the like. Whenever I've done a configuration like this with an ASA I point the LANs default gateway to the private router and that router decides whether to find the remote LAN across the circuit or send all other traffic up to the ASA to be routed out to the internet. As well, the ASA has a route to the remote LAN pointing to the private router for inbound connections.

The thing I'm not sure of is, will the router/IOS firewall act as a router or a firewall? In other words, will it function as a router where I can I still use the IOS firewall router as the default gateway with a static route back to the private P2P router and call it good? Or will it act as a true firewall where it won't route back out the interface it came in on? Which means I can't use it as my default gateway.

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

Peter Paluch
Cisco Employee
Cisco Employee

‎06-01-2015 09:45 PM

Mike,

If they are using an IOS-based device as a combined router/firewall device then by default, the device should operate as a router with firewalling features on top of it. It should be able to route packets back the interface through which they came in, but the fact that you need to do this suggests a bad design. Can you perhaps post a diagram of a typical network explaining how the "private router" and the "firewall" are connected and why it would be necessary for the "firewall" to route packets back the same interface?

Best regards,
Peter

0 Helpful

miked
Level 1
Level 1
In response to Peter Paluch

‎06-03-2015 06:07 AM

It did act as a router and not a firewall. I guess you get what you pay for.

 

Topology:

 

Internet
|
|
Router/FW
|
|
LAN
|
|
LAN P2P Router
|
(P2P T1)
|
Remote LAN P2P Router
|
|
Remote LAN

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card