mbudman (Canada)

asked on

Calling Cisco experts - Need help with Cisco 3750 Routers

Hello,

There are  two firewall (hardware) appliances, configured as High Availability (HA) in active passive mode.

In the current configuration, all routing is handled by the firewall appliances.

The idea is to move the routing to two Cisco 3750 (layer three) switches. Two Cisco switches have been selected as another point of failure is being introduced.  This way there can be redundancy with the two Cisco switches; If the main Cisco switch fails, the second Cisco switch is available and will still allow network traffic to be routed / transmitted as it should.

I have had a "Cisco" expert come in and propose a solution using the Cisco switches.

He proposed "stacking" the Cisco switches (Master / member). In his proposal, each  firewall will have two cables connected to the Cisco switches - 1 connection to the Master (firewall port 3), 1 connection to the member (firewall port 4).

Because the firewalls are configured for HA, the configuration of each unit is a mirror of the other (i.e. identical). That means that each firewall is pointing to the same gateway addresses (for routing), although the routes in the secondary firewall are not active while the primary firewall is functioning.

Will this configuration work? Is "stacking" the Cisco switches the right way to go?

Any information / suggestion would be greatly appreciated.

Thanks in advance.

Mark
James H (United States)

Switch stacking is the way to go. You can duplicate the port settings on each member of the stack and have port redundancy to match your firewalls.
To add, you can lose one member of your stack and still maintain network access. Switch stacking has been around for a while and does work quite well when setup properly. Depending on your switch type, you can even stack power for greater redundancy in case of power supply failure. I have a stack of 8 3750x's stacked for switch and power.
Ken Boone
Yes.. That is the way to do it.  With the 2 switches in the stack, they look like one big switch.  The failover will occur almost instantly on a an outage.
mbudman

ASKER

Okay - let me bring this one step further.

The consultant completed the implementation.

He stacked the two Cisco 3750 switches.

He configured it as pasted at the end of this post.

He defined port 23 and 24 on the master as 192.168.100.1; 192.168.100.129
He defined port 23 and 24 on the slave as 192.168.101.1; 192.168.100.129

Primary firewall:
Port 3: IP address 192.168.100.2; gateway 192.168.100.1
Port 4: IP address 192.168.101.2; gateway 192.168.101.1

Management ip address: 192.168.100.253 and 192.168.101.253


Secondary firewall:
Port 3: IP address 192.168.100.2; gateway 192.168.100.1
Port 4: IP address 192.168.101.2; gateway 192.168.101.1

Management ip address: 192.168.100.254 and 192.168.101.254

The secondary routes are not active; however the management ip's are active and are unique for each firewall appliance.

There is no communication between the firewall appliances on any data that routes through the two  Cisco  switches.

For instance, if I am connected to the primary firewall appliance, I should be able to reach the management ip address of the secondary firewall. I am unable to do so.

Prior to implementing the Cisco switches, I was able to communicate with the management ports that were routed through the private network switches.

Can someone help point me in the right direction to resolve this problem? I believe the issue to be related to the Cisco switch configuration and not the firewall.

In the current configuration, if I connect port 24 on the master Cisco switch to port 3 on the secondary firewall, no network traffic is passed through the Cisco stack. If I unplug it, traffic passes through to the internet and between the private networks through the Cisco stack.

Help!!!!!!!!!

Any advice would be greatly appreciated.

---------------------------------------------------------------------------------------

Cisco stack configuration: (I have removed "unnecessary" lines from the config that are not required for resolving the  problem)
*******************************************************
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
!
no aaa new-model
switch 1 provision ws-c3750x-24
switch 2 provision ws-c3750x-24
system mtu routing 1500
ip routing
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 shutdown
!
interface GigabitEthernet1/0/1
 description Switch_Dev
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30,100
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description Switch_Admin
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30,100
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 description Switch_EsignLive
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30,100
 switchport mode trunk
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
 description Switch_Firewall_1
 no switchport
 ip address 192.168.100.1 255.255.255.128
 speed 1000
 duplex full
!
interface GigabitEthernet1/0/24
 description Switch_Firewall_2
 no switchport
 ip address 192.168.100.129 255.255.255.128
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface GigabitEthernet2/0/1
 description Switch_Dev_1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30,100
 switchport mode trunk
!
interface GigabitEthernet2/0/2
 description Switch_Admin_1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30,100
 switchport mode trunk
!
interface GigabitEthernet2/0/3
 description Switch_EsignLive_1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30,100
 switchport mode trunk
!
interface GigabitEthernet2/0/4
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
!
interface GigabitEthernet2/0/7
!
interface GigabitEthernet2/0/8
!
interface GigabitEthernet2/0/9
!
interface GigabitEthernet2/0/10
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
!
interface GigabitEthernet2/0/13
!
interface GigabitEthernet2/0/14
!
interface GigabitEthernet2/0/15
!
interface GigabitEthernet2/0/16
!
interface GigabitEthernet2/0/17
!
interface GigabitEthernet2/0/18
!
interface GigabitEthernet2/0/19
!
interface GigabitEthernet2/0/20
!
interface GigabitEthernet2/0/21
!
interface GigabitEthernet2/0/22
!
interface GigabitEthernet2/0/23
 description Switch_Firewall_1
 no switchport
 ip address 192.168.101.1 255.255.255.128
!
interface GigabitEthernet2/0/24
 description Switch_Firewall_2
 no switchport
 ip address 192.168.101.129 255.255.255.128
!
interface GigabitEthernet2/1/1
!
interface GigabitEthernet2/1/2
!
interface GigabitEthernet2/1/3
!
interface GigabitEthernet2/1/4
!
interface TenGigabitEthernet2/1/1
!
interface TenGigabitEthernet2/1/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 10.0.7.254 255.255.248.0
!
interface Vlan20
 ip address 10.0.15.254 255.255.248.0
!
interface Vlan30
 ip address 10.0.23.254 255.255.248.0
!
interface Vlan100
 ip address 192.168.0.100 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.100.2
ip route 0.0.0.0 0.0.0.0 192.168.101.2 150
ip http server
ip http secure-server
!
!
!
!
end

********************************************************************
Infamus

first of all, is this typo?

He defined port 23 and 24 on the slave as 192.168.101.1; 192.168.100.129


Port 24 on the slave should be 192.168.101.129
mbudman

ASKER

sorry - typo; The slave is 192.168.101.129 and not 192.168.100.129
deleted the comment...

I'm trying to figure out your set up...hold on...
Can you describe how your firewall is connected to which ports on the switch?

Also where is the firewall management ports are connected to?
mbudman

ASKER

Just an FYI - I  was not the person who wired and put together this configuration. I am just trying to clean up and find a solution to the horrible (and mismanaged) problem that I am now facing.

The firewall is also in HA mode (Active / Passive) with the secondary firewall in passive mode.

Port 23 on the master firewall is connected to port 23 on the master switch;

Why do you say port 3 on the slave firewall should connect to port 23 on the slave switch?

The ip addresses between slave firewall port 3 and slave cisco switch are not  configured as the same subnet
So here is the deal.. Since the ASAs are active/standby  - then port 3 on each ASA needs to be on the same vlan.  So the switch ports should not be layer 3, they should be layer 2 in a vlan.  Port 3 on ASA #1 needs to be able to communicate with Port 3 on ASA #2.  Likewise for all of the other ports.  So they will need to be connected to a layer 2 vlan for this to work.
Also... my preference ... I never use the management port on an ASA.  It's too much of a pain in the butt and I see no value in it.  I always manage the ASA with the inside interface.  Just my preference.
mbudman

ASKER

The firewall management ports match the port on which the subnet is defined for routing:

For instance, firewall port 3 (master) uses subnet 192.168.100 / 24, therefore the management ip address is on this port (192.168.100.253);

Same thing for firewall port 4 (master):

Firewall port 4 (master) uses subnet 192.168.101 / 24, therefore the management ip address is on this port (192.168.101.253);
mbudman

ASKER

Please excuse this question, but what does ASA stand for?
Adaptive Security Appliance
Its Cisco's name for their firewall
Yeah that's why I deleted the comment because I misunderstood.

Just to clear up, can you provide the following information?

Master Firewall port 3 ----------------------> which port on the switch?
Master Firewall port 4----------------------> which port on the switch?
Master Firewall mgmt ---------------------->which port on the switch?

Same goes for the slave firewall.
I do agree with ken, they shouldn't configure it as layer 3 routed port.

It will be much easier to create a VLAN and let the switch do the routing.
Let me re-iterate this so it wasn't missed:

So here is the deal.. Since the ASAs are active/standby  - then port 3 on each ASA needs to be on the same vlan.  So the switch ports should not be layer 3, they should be layer 2 in a vlan.  Port 3 on ASA #1 needs to be able to communicate with Port 3 on ASA #2.  Likewise for all of the other ports.  So they will need to be connected to a layer 2 vlan for this to work.
Sorry Infamus... I posted at the same time... ;)
Happens to me too all the time :)
Also, this is confusing.....

The gateway for the firewall is the interface of the switch???

Primary firewall:
Port 3: IP address 192.168.100.2; gateway 192.168.100.1
Port 4: IP address 192.168.101.2; gateway 192.168.101.1

Management ip address: 192.168.100.253 and 192.168.101.253


Secondary firewall:
Port 3: IP address 192.168.100.2; gateway 192.168.100.1
Port 4: IP address 192.168.101.2; gateway 192.168.101.1
mbudman

ASKER

Master Firewall port 3 ----------------------> Master Cisco switch port 23
Master Firewall port 4----------------------> Slave Cisco switch port 23

2 management ip's defined:

Master Firewall mgmt ---------------------->192.168.100.253 (port 3 Master firewall)
Master Firewall mgmt ---------------------->192.168.101.253 (port 4 Master firewall)


Slave Firewall port 3 ----------------------> Master Cisco switch port 24
Slave Firewall port 4----------------------> Slave Cisco switch port 24
Slave Firewall mgmt ---------------------->192.168.100.254 (port 3 Master firewall)

2 management ip's defined:

Slave Firewall mgmt ---------------------->192.168.100.254 (port 3 slave firewall)
slave Firewall mgmt ---------------------->192.168.101.254 (port 4 slave firewall)
Ok, let's back up a little and look at the configuration for now.

Master Firewall port 3 ----------------------> Master Cisco switch port 23
192.168.100.2                                            192.168.100.1
Master Firewall port 4----------------------> Slave Cisco switch port 23
192.168.101.2                                            192.168.101.1

Slave Firewall port 3 ----------------------> Master Cisco switch port 24
192.168.100.2                                           192.168.100.129
Slave Firewall port 4----------------------> Slave Cisco switch port 24
192.168.101.2                                           192.168.101.129

And the routing is..
ip route 0.0.0.0 0.0.0.0 192.168.100.2
ip route 0.0.0.0 0.0.0.0 192.168.101.2 150

So if port3 on the firewall fails then it will route to port4 of the firewall?

Since the firewalls are redundant, and have the same virtual IP of 192.168.100.2, the default route should only be 0.0.0.0 0.0.0.0 192.168.100.2, assuming port 3 is the LAN interface of the firewall.  Also, is port 4 the "heartbeat" between the firewalls?

And the last question is: is the management IP configured on port 3 and port 4 of the firewall?  Which means port 3 and port 4 have two IPs configured on each port?

What is port3 and port4 of the firewall?
ASKER CERTIFIED SOLUTION
Infamus
Infamus is on target
mbudman

ASKER

Based on what has been suggested, I have come up with the following solution:

Bridge port 3 and port 4 on the firewall (same config for both); assign ip 192.168.100.2, gateway 192.168.100.1;

Make a single VLAN on the Cisco switch with ports 1/0/23, 1/0/24, 2/0/23,2/0/24; assign ip 192.168.100.1, gateway 192.168.100.2

Subnet mask is 255.255.255.0

What do you think?

Thanks for all your help. It is much appreciated.

Mark
You don't need to assign gateway on the VLAN interface.

I'm not sure how the bridge works on your firewall but if it has some kind of routing between the two, it should work.

Thanks.
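The two points made above (Ken Boone's: the firewall-facing ports must be layer 2 ports in one VLAN because the active/standby pair shares one IP; Infamus's: a single default route to that shared IP), and the VLAN design the asker proposes, can be checked mechanically. The script below is an added example and is not code from this thread, from Cisco or from Barracuda. It parses two IOS config excerpts, one constructed from the posted config and one written to the VLAN design discussed here (VLAN number 200, the name Firewall_Transit and the portfast line are my assumptions), and reports why the posted one cannot work with a shared firewall IP of 192.168.100.2.

```python
"""Audit a Cisco IOS L3-switch config for the mistake in this thread: the
firewall-facing ports are routed ports on four different subnets, while the
active/passive firewall pair shares one IP (192.168.100.2) and so needs one
L2 segment. Added example, not code from the thread, Cisco or Barracuda; the
"broken" excerpt is constructed from the posted config, the "fixed" one is
the VLAN design discussed in the thread (VLAN 200 and its name are assumed)."""
import ipaddress
import re

FW_IP = ipaddress.ip_address("192.168.100.2")  # IP shared by the active/standby pair
FW_PORTS = ["GigabitEthernet1/0/23", "GigabitEthernet1/0/24",
            "GigabitEthernet2/0/23", "GigabitEthernet2/0/24"]

BROKEN_CONFIG = """\
interface GigabitEthernet1/0/23
 no switchport
 ip address 192.168.100.1 255.255.255.128
!
interface GigabitEthernet1/0/24
 no switchport
 ip address 192.168.100.129 255.255.255.128
!
interface GigabitEthernet2/0/23
 no switchport
 ip address 192.168.101.1 255.255.255.128
!
interface GigabitEthernet2/0/24
 no switchport
 ip address 192.168.101.129 255.255.255.128
!
ip route 0.0.0.0 0.0.0.0 192.168.100.2
ip route 0.0.0.0 0.0.0.0 192.168.101.2 150
"""

FIXED_CONFIG = """\
vlan 200
 name Firewall_Transit
!
interface range GigabitEthernet1/0/23 - 24, GigabitEthernet2/0/23 - 24
 switchport mode access
 switchport access vlan 200
 spanning-tree portfast
!
interface Vlan200
 ip address 192.168.100.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.100.2
"""


def _expand(spec):
    """Expand 'Gi1/0/23 - 24, Gi2/0/23 - 24' into the individual port names."""
    names = []
    for piece in (p.strip() for p in spec.split(",")):
        r = re.fullmatch(r"(\S+?)(\d+) - (\d+)", piece)
        names += ([f"{r.group(1)}{n}" for n in range(int(r.group(2)), int(r.group(3)) + 1)]
                  if r else [piece])
    return names


def parse(config):
    """Return (interfaces, default-route next hops) from an IOS config text."""
    ifaces, routes, cur = {}, [], []
    for line in config.splitlines():
        m = re.match(r"interface (?:range )?(.+)", line)
        if m:  # start of an interface stanza; 'cur' is the list of ports it covers
            cur = [ifaces.setdefault(n, {"routed": False, "ip": None, "vlan": 1})
                   for n in _expand(m.group(1))]
            continue
        s = line.strip()
        if s == "!":
            cur = []
        elif s.startswith("ip route 0.0.0.0 0.0.0.0 "):
            routes.append(ipaddress.ip_address(s.split()[4]))
        elif s == "no switchport":
            for d in cur: d["routed"] = True
        elif s.startswith("ip address "):
            _, _, ip, mask = s.split()
            for d in cur: d["ip"] = ipaddress.ip_interface(f"{ip}/{mask}")
        elif s.startswith("switchport access vlan "):
            for d in cur: d["vlan"] = int(s.split()[-1])
    return ifaces, routes


def audit(config, fw_ports=FW_PORTS, fw_ip=FW_IP):
    """Return human-readable findings; an empty list means the design is sound."""
    ifaces, routes = parse(config)
    findings, vlans = [], set()
    for name in fw_ports:
        d = ifaces.get(name)
        if d is None:
            findings.append(f"{name}: not configured")
        elif d["routed"]:
            findings.append(f"{name}: routed port; both firewalls must share one L2 segment")
            if d["ip"] is not None and fw_ip not in d["ip"].network:
                findings.append(f"{name}: firewall IP {fw_ip} is not in {d['ip'].network}")
        else:
            vlans.add(d["vlan"])
    if len(vlans) > 1:
        findings.append(f"firewall ports split across VLANs {sorted(vlans)}")
    for v in vlans:  # the SVI is the firewalls' gateway, so it must share their subnet
        svi = ifaces.get(f"Vlan{v}")
        if svi is None or svi["ip"] is None or fw_ip not in svi["ip"].network:
            findings.append(f"Vlan{v}: no SVI address in the firewall subnet")
    if routes != [fw_ip]:  # exactly one default route, via the shared IP
        findings.append(f"default route next hops {[str(r) for r in routes]}; expected only {fw_ip}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, audit(cfg) or ["OK"])
```

Against the posted excerpt the audit reports eight findings: each of the four firewall ports is a routed port, three of them sit on a /25 that does not even contain 192.168.100.2 (which is why the standby unit's port 3 on Gi1/0/24 passes nothing), and there are two default routes where only one, via the shared IP, belongs. The VLAN version reports nothing. The checks are deliberately narrow; they say nothing about the firewall side, where the bridge-or-route decision between port 3 and port 4 still has to be made on the appliance itself.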
You know I made an "assumption" that you were using a Cisco firewall based on your description of the HA and the active/passive reference you made... however it dawned on me that you might be using some other firewall.  So what firewalls do you have?
mbudman

ASKER

I am using a Barracuda NG F300 appliance. I am quite satisfied with it.

I want to thank you for your guidance as I understand in principle what should be done. The funny thing is that I understand the problem, as well as what the solution should be, better than the "experts" I hired.
I guess I should have asked that first.  I am not familiar with how that firewall operates and I was giving directions as if it was an ASA.
mbudman

ASKER

Thank you for your assistance. The information was excellent.

Cheers,

Mark