749 Views, 5 Helpful, 4 Replies

Unable to handle traffic with firewall

HadiBeheshti (Level 1)

Hello,
I have one 3750 switch and three 2960 switches with the IP range 10.10.60.0/24; the clients are connected to the 2960s, and the 2960s are trunked to the 3750. I also want a 3750 port for a DMZ hand with the IP range 10.10.10.0/24 and a port for a LAN hand with the IP range 10.10.12.0/24. The firewall I used is software, Kerio Control. The third hand (WAN) is connected to the Internet with the IP range 192.167.2.0/24. Now I have run the ip routing command on the 3750, the clients see each other and can ping each other, and this routing is done through the switch. How and what command should I write so that network traffic first goes to the firewall and is then routed from there?
Kerio IP in WAN: 192.167.2.2 with gateway: 192.167.2.1

Kerio IP in LAN: 10.10.12.2

Kerio IP in DMZ: 10.10.10.2
Also, all servers are connected in the DMZ and have IPs in the range 10.10.10.0/24 with a gateway of 10.10.10.2.
I'm a novice, please help me.

4 Replies

balaji.bandi (Hall of Fame)

We are not sure how you segmented the FW, so the switch needs to always point its routing towards the FW; then the FW sends the traffic out, as per your description here, since the only gateway you have is the FW.

If this is not the case, make a small network diagram and show us what is connected where, and where your Internet connection is connected.

BB

[attached network diagram: B5BE4FC3-3F4C-447E-A839-7F96546CBD36.jpeg]

Thank you for responding

Hi Hadi,

So, the core switch needs a default route towards the Kerio FW.

ip route 0.0.0.0 0.0.0.0 10.10.10.2 

On the firewall, you need a default route pointing to the public IP address 192.167.2.1.

I'm not familiar with the firewall, but it is the same concept:

ip route 0.0.0.0 0.0.0.0 192.167.2.1

Now, on the FW, you need a few static routes as follows,

assuming the IP on the core switch is .1:

ip route 10.10.41.0/24 10.10.10.1

ip route 10.10.32.0/24 10.10.10.1

ip route 10.10.31.0/24 10.10.10.1

Also, this assumes that NAT is running on the firewall, so private IPs can access the Internet.

HTH


10.10.12.0/24 or 10.10.10.0/24?

Client must connect to lan (10.10.12.2)
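The switch-side configuration the replies above describe (a default route from the core switch to the Kerio LAN leg at 10.10.12.2, with the DMZ reachable only through the firewall), written out as an added example; it is not from the original thread. The interface numbers, VLAN IDs and the switch's .1 addresses are assumptions.

```cisco
! Catalyst 3750 (core). Assumed values: VLAN 60 for clients, VLAN 10 for the
! DMZ port, Gi1/0/1 toward the Kerio LAN leg, Gi1/0/2 toward the DMZ leg,
! and .1 as the switch's own address on each subnet (all assumptions).
ip routing
!
vlan 60
 name CLIENTS
vlan 10
 name DMZ
!
! Clients on the 2960s use this SVI as their gateway (10.10.60.1).
interface Vlan60
 ip address 10.10.60.1 255.255.255.0
!
! Routed link to the Kerio LAN interface (10.10.12.2).
interface GigabitEthernet1/0/1
 description Kerio LAN leg
 no switchport
 ip address 10.10.12.1 255.255.255.0
!
! The DMZ port stays a plain layer-2 port. Deliberately no "interface Vlan10"
! with an address: if the 3750 had an SVI in 10.10.10.0/24 it would route
! clients straight into the DMZ and the firewall would never see that traffic.
interface GigabitEthernet1/0/2
 description Kerio DMZ leg and DMZ servers (gateway 10.10.10.2 on Kerio)
 switchport mode access
 switchport access vlan 10
!
! Trunks to the three 2960 access switches carry only the client VLAN.
interface range GigabitEthernet1/0/3 - 5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 60
!
! Everything the switch cannot deliver locally goes to the firewall.
ip route 0.0.0.0 0.0.0.0 10.10.12.2
!
! Checks (exec mode, not config):
!   show ip route             -> expect "S* 0.0.0.0/0 [1/0] via 10.10.12.2"
!   traceroute 10.10.10.10    -> from a client: 10.10.60.1, then 10.10.12.2;
!                                a first hop inside 10.10.10.0/24 means the
!                                switch is still routing around the firewall
! On Kerio Control add the return route 10.10.60.0/24 via 10.10.12.1 (its
! LAN leg), as the reply above notes; without it client replies have no path.
```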
