01-23-2014 10:53 AM - edited 03-07-2019 05:45 PM
We have 1 R2901 router in the network and 2 ASA5501 firewalls. Everything is working fine. Now our manager has decided to add a different IP schema to the DMZ in the second firewall, but wants certain LAN users to be able to connect to it. See picture for detail.
Questions: how do I route certain IP traffic to the second firewall, so it can be routed to the DMZ in that firewall? We do have a working DMZ route in that firewall, but can't send traffic to that firewall.
01-23-2014 10:56 AM
Mukesh
Can't read the diagram.
Jon
01-23-2014 11:05 AM
so sorry,
01-23-2014 11:10 AM
Mukesh
If you simply want to route traffic to the new DMZ add this to the router -
ip route 192.168.x.x
The above would route traffic to the new DMZ, but you might need to add routes to the firewall to get back to the router. It depends on what routes you already have.
If you only want certain users, i.e. not all, to get to the firewall you could use PBR on the router, but it would be just as easy to simply deny them access on the firewall.
If the above is not what you need then please clarify.
Jon
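The two options from the reply above, sketched as an added example (not configuration posted in the thread): PBR on the router for selected hosts, versus a plain static route with filtering on the second ASA. All addresses, interface names, and ACL/route-map names are placeholder assumptions, since the thread elides the real ones.

```cisco
! ---- Option A: PBR on the router (IOS) ----
! Only these LAN hosts are steered to the second firewall (placeholder addresses)
ip access-list extended TO-NEW-DMZ
 permit ip host 10.0.0.10 192.168.50.0 0.0.0.255
 permit ip host 10.0.0.11 192.168.50.0 0.0.0.255
!
route-map LAN-PBR permit 10
 match ip address TO-NEW-DMZ
 set ip next-hop 10.0.1.2
!
! Apply on the LAN-facing interface (interface name assumed)
interface GigabitEthernet0/0
 ip policy route-map LAN-PBR
!
! ---- Option B: static route on the router, filter on the second ASA ----
! Router: all LAN traffic for the new DMZ goes to the second firewall
ip route 192.168.50.0 255.255.255.0 10.0.1.2
!
! Second ASA: permit the chosen hosts, deny the rest of the LAN
! (ASA ACLs take subnet masks, not wildcard masks)
access-list INSIDE_IN extended permit ip host 10.0.0.10 192.168.50.0 255.255.255.0
access-list INSIDE_IN extended permit ip host 10.0.0.11 192.168.50.0 255.255.255.0
access-list INSIDE_IN extended deny ip 10.0.0.0 255.255.255.0 192.168.50.0 255.255.255.0
! existing rules for other destinations follow here; the list ends in an implicit deny
access-group INSIDE_IN in interface inside
!
! Return path: the ASA needs a route back to the LAN via the router
route inside 10.0.0.0 255.255.255.0 10.0.1.1
```

PBR only changes forwarding for the matched hosts and is not an access control, so the ACL on the firewall remains the enforcement point in either option.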
01-23-2014 11:17 AM
Thanks for the quick reply,
I did implement this last night, but let me check on the second firewall side. I am going to run packet tracer and let you know. I guess I spoke too soon about the problem.