Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
891
Views
8
Helpful
5
Replies

routing query

Go to solution
suthomas1
Level 6
Level 6

‎12-07-2012 09:41 PM - edited ‎03-07-2019 10:28 AM

Hi,

I have attached a quick image for the network in discussion here.

Current Situation:-  All servers are connected to the Core 6500 switch. Layer3 VLANS also exists on the same switch.

Users reach the Core and access the servers. No firewall in place as of now.

Planned situation:-  Connect two firewalls in HA mode to the single 6500 switch. All the Layer server VLANs to be logically moved to the firewall.

An intermediate transit link(192.168.100.0/30) will serve to route the traffic between the core and the firewalls.

A route on the 6500 will point all traffic to the servers towards the next hop as 192.168.100.2 interface and a return route on the firewall will point all traffic going to

the user segments towards the 192.168.100.1

The doubt here is ;

1. will this kind of routing work. Will it create any loops?

2. can we just do with the single routing transit link for all vlan traffics. Do we actually need seperate physicall links from the firewalls to the switch for each layer3 vlan that is created on the firewall.

Appreciate all inputs!

Labels:
Preview file
38 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Raju Sekharan
Cisco Employee
Cisco Employee
In response to suthomas1

‎12-07-2012 11:46 PM

I thought that you had only one server VLAN.

If you have multiple VLANs, you an have a trunk link between the Switch and firewall. So you would require only 2 links to connect to both firewalls

Firewall can have dot1q sub-interfaces to route between the VLANs

Thank you

Raju

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Raju Sekharan
Cisco Employee
Cisco Employee

‎12-07-2012 10:37 PM

1. No. This is just routing between 2 different subnets between Firewall and Router. So it won'tcause any loop

For the Server VLAN, the switch will be pure Layer 2 and for routing it will go to firewall

2. There should be be additional link from Switch to firewalls for the Server VLAN

Thank you

Raju

Go to solution
suthomas1
Level 6
Level 6
In response to Raju Sekharan

‎12-07-2012 11:39 PM

that means we need to have seperate physical links from the firewall to the switch for the different server Vlans?

1. we have around 6 server vlans whose layer3 will be migrated to the firewall from the current core switch, so in that case do we need 12 links in total for all the vlans?

2. what is the other workaround if we do not have sufficient ports on the network for incorporating the physical links.

Please suggest. thanks in advance!

0 Helpful

Go to solution
Raju Sekharan
Cisco Employee
Cisco Employee
In response to suthomas1

‎12-07-2012 11:46 PM

I thought that you had only one server VLAN.

If you have multiple VLANs, you an have a trunk link between the Switch and firewall. So you would require only 2 links to connect to both firewalls

Firewall can have dot1q sub-interfaces to route between the VLANs

Thank you

Raju

0 Helpful

Go to solution
suthomas1
Level 6
Level 6
In response to Raju Sekharan

‎12-08-2012 07:20 AM

thanks Raju.

Is there any other apart from subinterfaces? these are juniper firewalls, so we have to see if the sub interface portion will be feasible on this.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card