route certain ip trafiic to different route

Mukesh Brahmbhatt · ‎01-23-2014

we have 1 R2901 router in network and 2 ASA5501 firewall, evrithing is working fine now our manager has decided to add different IP schema to DMZ in second firewall, but wanted certain LAN user to able to connceto to it. see picture for detail

Quastions: how do route certain IP traffic to second firewall, so it can be route to DMZ in that firewall. we do have working DMZ route in that firewall, but can't send traffic to that firewall .

Jon Marshall · ‎01-23-2014

Mukesh

Can't read the diagram.

Jon

Mukesh Brahmbhatt · ‎01-23-2014

so sorry,

Jon Marshall · ‎01-23-2014

Mukesh

If you simply want to route traffic to the new DMZ add this to the router -

ip route 192.168.x.x 172.16.16.254

the above would route traffic to the new DMZ but you might need to add routes to the firewall to get back to the router. It depends on what routes you already have.

If you only want certain users ie. not all, to get to the firewall you could use PBR on the router but it would just as easy to simply deny them access on the firewall.

If the above is not what you need then please clarify.

Jon

Mukesh Brahmbhatt · ‎01-23-2014

thanks for quick reply,

I did has implemted last night, but let me check on seconf firewall side, i am going to run packet tracer and let you know. I guess i spoke too soon for problem.