routing issue between Cisco device and Virtual machine

nilaakshverma
Level 1

Hi Guys,

 

We have two local subnets in a virtualized environment. Subnet 1 has a VM operating as a firewall; we would like all traffic for subnet 2 to go via the VM on subnet 1, which will police traffic on subnet 2 and then reroute it.

The infrastructure involved comprises:

Internet Edge Switch -> ASA -> Core Switch -> IBM Flex chassis

The Internet edge switch is directly connected between the ISP routers and the Cisco ASA firewall pair (A/S). The ASA is then connected to the core switch. Connected from the core switch is an IBM Flex chassis, via a port channel (all VLANs allowed).

The local subnets in question are as follows:

Vlan 101 (10.1.1.0/24)

Vlan 102 (10.2.1.0/24)

The VM in question has two NIC cards having IP address of both subnets.

NIC 1:  10.1.1.1

NIC 2: 10.2.1.1

We would like packets destined for 10.2.1.1 to land on the 10.1.1.1 IP address. At the moment traffic for each VLAN routes from the outside to its respective local subnet successfully; what we are having difficulty with is directing traffic for subnet 2 via the subnet 1 VM firewall.

At the moment we have tried adding a static route on the core switch, but it didn’t work:

ip route 10.2.0.0 255.255.255.0 10.1.1.1

I would appreciate it if you could share your knowledge and guide me on how to achieve this goal.

Thanks in advance :-)


Reza Sharifi
Hall of Fame

Hi,

I think for this to work you need a transit VLAN between the VMs and the core switch. So, if you have 2 VLANs on the VM (101 and 102), you use the VM switch to route between the VLANs, and in order to go outside the local VLANs you would use the core switch. In this scenario you would not have an SVI (layer-3) interface on the core. The only thing the core will have is the layer-2 VLANs (101 and 102). You would then need a static route on the core switch to point to the transit VLAN on the VM side.

So, for example, if the transit VLAN is VLAN 110 and its IP subnet is 192.168.1.0/24:

On the core you have static routes:

ip route 10.1.1.0 255.255.255.0 192.168.1.2 (VM side)

ip route 10.2.1.0 255.255.255.0 192.168.1.2 (VM side)

You also need an SVI for vlan 110 with ip address 192.168.1.1/24 on the core.

On the VM you need a default route pointing to the core (192.168.1.1).

Is this what you are trying to do?

HTH
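The transit-VLAN design described above, written out as an added IOS-style configuration sketch that is not part of the original thread. The port-channel number, the VM's transit-side address 192.168.1.2 and the exact IOS syntax are assumptions, and the firewall VM side is shown as intent only because its commands depend on the VM's software.

```cisco
! ---- Core switch (added example; assumes IOS-style syntax) ----
! VLANs 101 and 102 stay layer-2 only on the core: with no SVI for them,
! the core cannot route 10.1.1.0/24 <-> 10.2.1.0/24 around the firewall VM.
vlan 101
 name SUBNET1-L2-ONLY
vlan 102
 name SUBNET2-L2-ONLY
vlan 110
 name TRANSIT-TO-FW-VM
!
! Remove any existing layer-3 interfaces for the two host VLANs (if present),
! otherwise the core itself is a path that bypasses the firewall policy.
no interface Vlan101
no interface Vlan102
!
! Transit SVI: the only layer-3 hop the core offers toward the VM.
interface Vlan110
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
! Uplink to the IBM Flex chassis (Port-channel number is assumed).
interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 101,102,110
!
! Static routes: both host subnets are reachable only via the VM's transit
! address. Note the mask form; "ip route" does not accept "10.1.1.0/24".
ip route 10.1.1.0 255.255.255.0 192.168.1.2
ip route 10.2.1.0 255.255.255.0 192.168.1.2
!
! ---- Firewall VM (intent; exact commands depend on the VM's OS/firewall) ----
! NIC1: 10.1.1.1/24 on VLAN 101     (default gateway for subnet 1 hosts)
! NIC2: 10.2.1.1/24 on VLAN 102     (default gateway for subnet 2 hosts)
! NIC3: 192.168.1.2/24 on VLAN 110  (transit leg to the core; assumed address)
! default route 0.0.0.0/0 via 192.168.1.1
! firewall policy inspects traffic between VLAN 101, VLAN 102 and the transit leg
!
! ---- Verification on the core ----
! show ip route static      -> both routes listed with next hop 192.168.1.2
! show ip interface brief   -> only Vlan110 carries an IP address
! traceroute 10.2.1.50 source 192.168.1.1 -> first hop is 192.168.1.2 (the VM)
```

The ASA keeps its existing routes for 10.1.1.0/24 and 10.2.1.0/24 toward the core; only the core's next hop changes, so every packet into or out of either subnet crosses the firewall VM.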

Hi Reza,

Thanks for your help with this issue. I will try the above solution and get back to you with the result.

Best Regards,

Niel :-)
