06-01-2015 08:36 AM - edited 03-08-2019 12:17 AM
I have a point-to-point connection to install in a customer's LAN with a private router at each location of the circuit. This customer has an IOS firewall/gateway as opposed to an ASA or the like. Whenever I've done a configuration like this with an ASA I point the LAN's default gateway to the private router and that router decides whether to find the remote LAN across the circuit or send all other traffic up to the ASA to be routed out to the internet. As well, the ASA has a route to the remote LAN pointing to the private router for inbound connections.
The thing I'm not sure of is, will the router/IOS firewall act as a router or a firewall? In other words, will it function as a router where I can still use the IOS firewall router as the default gateway with a static route back to the private P2P router and call it good? Or will it act as a true firewall where it won't route back out the interface it came in on? Which means I can't use it as my default gateway.
Thanks in advance.
06-01-2015 09:45 PM
Mike,
If they are using an IOS-based device as a combined router/firewall device then by default, the device should operate as a router with firewalling features on top of it. It should be able to route packets back the interface through which they came in, but the fact that you need to do this suggests a bad design. Can you perhaps post a diagram of a typical network explaining how the "private router" and the "firewall" are connected and why it would be necessary for the "firewall" to route packets back the same interface?
Best regards,
Peter
06-03-2015 06:07 AM
It did act as a router and not a firewall. I guess you get what you pay for.
Topology:
Internet
|
|
Router/FW
|
|
LAN
|
|
LAN P2P Router
|
(P2P T1)
|
Remote LAN P2P Router
|
|
Remote LAN