lgropper

asked on

Routing networks through vlan to allow content filter

I have a few questions regarding something I would like to set up/change. I would like to block web access from all our IP-VPN connections. Currently we are provided a private IP-VPN solution through Bell. They have a Cisco router here that attaches to our LAN. I have a Sonicwall router/firewall device as our gateway and edge device. I would like to use the content filtering feature of the Sonicwall, but in order to do this I must turn on the content filter on the LAN zone to block the websites and such. This causes a problem because I do not want to restrict our local LAN with this service. The Sonicwalls have other interfaces that I can plug the Bell service into, but I don't have access to change the LAN IP of their router, so I need a way to route traffic to it. I assume I can create a VLAN or two on our Cisco 3560 to enable what I need. I have attached a quick sketch of our current setup; I'm just not sure of the best route.

The problem that I face is that in order to hook up the IP-VPN network to the new Sonicwall interface it must be a different subnet. So I would assume I need to find a way to route between the two. Do I use VLANs? Is there a better way?

INTERNET
     |
     |
Sonicwall
     |
     |
Cisco 3560 ----------------- Bell router (Lan IP 192.168.1.70)-------------------WAN connected to 10.0.0.0
     |
     |
   LAN

Local subnet is 192.168.1.0/24

Do I create a VLAN on the Cisco 3560? Do I hook up the Bell network directly to the interface on the Sonicwall?

Thanks in advance.
ASKER CERTIFIED SOLUTION
Les Moore
lgropper

ASKER

I am in the middle of speaking with Bell to have the interface IPs changed; I just didn't want them to touch anything working because they cause major problems all the time. My thoughts were the same...

I was thinking VLANs because I could create another subnet and route between them, but it's more of a patch than an answer.

The Sonicwall's content filtering only works per zone + physical interface. If the traffic is passing through our LAN interface along with our local subnet, when I turn on the filter it blocks both, just not that intelligent.

I spoke with Sonicwall and there doesn't seem to be a way to filter by IP for the content filtering service... Firewall and other such things not a problem.

This should be such an easy task.... geez.
It is an easy task with Cisco products <grin>
<8-}