cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1022
Views
0
Helpful
5
Replies

Is supported Expressway-e external interface in different subnet of FW

r.gonzalez1
Level 1
Level 1

Hello, I have a client that they have a pair expressway (Expressway-C and expressway-E) with Expressway twith two interface in tipical configuraiton with dual interface.

 

       Exp-X  ---- FW ---- EXPE (10.1.1.1)----(10.1.1.2)FW ----Internet

 

Nowthe external interfeace the expressway-e is in the same network tha FW in fact The firewsall is the default gateway.Expressway, Peripherals

 

The client need change the Firewall and move to other location with other ip different. Could anyone tell me if it is supported? I suppose that yes but is for confirm before change anything.

    EXP-C --- FW ---- EXPE (10.1.1.1)  ---client newtork ---- (20.1.1.1) FW --- Internet

 

Thanks in advance

 

 

 

1 Accepted Solution

Accepted Solutions

As @Nithin Eluvathingal wrote change the IP address on the outside interface to match your firewall interface. If you can not do this you’re option is to use routing to reach your firewall.



Response Signature


View solution in original post

5 Replies 5

Not sure if I fully understand what you mean, but if you mean that you would have different networks on either side of your E yes that’s supported and actually the common way on how to deploy an Expressway E.

In my view this would be the common deployment.
Inside networks (where clients and systems are located -> Expressway C (IP address in internal network-> FW -> Expressway E internal interface -> FW Expressway E external interface -> FW -> internet 

Often the E interfaces are in different DMZ networks.



Response Signature


Hi Roger,
Sorry ,I think haven't explain correctly.
Now we have the configuration thay you say.
But do we need change FW 2 to differente location and this firewall will have other ip in other subnet that external interface expressway.
Mu question is Do I need take in account in expressway?, or Do I have only route this subnet for get connectivity?
Thanks in advance
(where clients and systems are located -> Expressway C (IP address in internal network-> FW -> Expressway E internal interface -> FW1 Expressway E external interface (10.1.1.1) -> (20.1.1.1)FW2 -> internet

what I understood is, you Expressway -E external interface ip is 10.1.1.1 and the default gateway for this subnet is FW which is 10.1.1.2.

And since you are moving your FW to a different place the FW  IP will change to 20.1.1.1. 

 

In that case if possible Change the Expressway -E external NIC ip to 20.1.1.X subnet 

If external NIC and Firewall is in different subnet, You may  need to play with routing option in expressway. 

 

 



Response Signature


Hi NIthin
Yes it's exactly that, I mean the expressway-e and firewall have to be in different subnet then the e question is: Do I need take in account something in Cisco expressway-e or I only need route this networks for get connectivity between them.
Thanks in advance

As @Nithin Eluvathingal wrote change the IP address on the outside interface to match your firewall interface. If you can not do this you’re option is to use routing to reach your firewall.



Response Signature