Solved

Routing networks through vlan to allow content filter

Posted on 2007-03-21
Last Modified: 2008-05-15
I have a few questions regarding something I would like to set up/change. I would like to block web access from all our IP-VPN connections. Currently we are provided a private IP-VPN solution through Bell. They have a Cisco router here that attaches to our LAN. I have a Sonicwall router/firewall device as our gateway and edge device. I would like to use the content filtering feature of the Sonicwall, but in order to do this I must turn on the content filter on the LAN zone to block the websites and such. This causes a problem because I do not want to restrict our local LAN with this service. The Sonicwalls have other interfaces that I can plug the Bell service into, but I don't have access to change the LAN IP of their router, so I need a way to route traffic to it. I assume I can create a VLAN or two on our Cisco 3560 to enable what I need. I have attached a quick sketch of our current setup; I'm just not sure of the best route.

The problem that I face is that in order to hook up the IP-VPN network to the new Sonicwall interface it must be a different subnet. So I would assume I need to find a way to route between the two. Do I use VLANs? Is there a better way?

INTERNET
     |
     |
Sonicwall
     |
     |
Cisco 3560 ----------------- Bell router (Lan IP 192.168.1.70)-------------------WAN connected to 10.0.0.0
     |
     |
   LAN

Local subnet is 192.168.1.0/24

Do I create a VLAN on the Cisco 3560? Do I hook up the Bell network directly to the interface on the Sonicwall?

Thanks in advance.
Question by:lgropper
Accepted Solution

by:
lrmoore earned 2000 total points
ID: 18770560
Several issues here. Since all local LAN IPs are 192.168.1.x, I assume that you don't want to change those. And you can't change the LAN IP of the Bell router. Can you call Bell and ask them to change it? After all, you are paying them for it. That would be the simple solution, and then you can plug it right into one of the Sonicwall ports.

VLANs are not the answer because the VLANs should be different IP subnets, too, and the Sonicwall must be able to support VLAN subinterfaces.

Since you really only want to filter the 10.0.0.0 subnet traffic, can't you set up the Sonicwall to only filter by source IP address? Or is it all or nothing attached to the physical interface? It would be a piece of cake with a Cisco firewall, but unfortunately I don't know SonicOS.

Author Comment

by:lgropper
ID: 18771155
I am in the middle of speaking with Bell to have the interface IPs changed; I just didn't want them to touch anything working because they cause major problems all the time. My thoughts were the same...

I was thinking VLANs because I could create another subnet and route between them, but it's more of a patch than an answer.

The Sonicwall's content filtering only works per zone + physical interface. If the traffic is passing through our LAN interface along with our local subnet, when I turn on the filter it blocks both, just not that intelligent.

I spoke with Sonicwall and there doesn't seem to be a way to filter by IP for the content filtering service... Firewall and other such things not a problem.

This should be such an easy task.... geez.
Expert Comment

by:lrmoore
ID: 18771182
It is an easy task with Cisco products <grin>
<8-}
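
The constraint this thread runs into (content filtering is scoped per zone and physical interface, and each firewall interface needs its own subnet) can be checked against a proposed layout before anything is re-cabled. The sketch below is an added example, not code from any poster or from SonicOS; the interface name `VPN`, the `content_filter` flag, and the 192.168.2.0/24 addresses are constructed assumptions.

```python
import ipaddress

def overlapping(interfaces):
    """Pairs of firewall interfaces whose subnets overlap and so cannot be routed apart."""
    nets = {name: ipaddress.ip_network(i["subnet"]) for name, i in interfaces.items()}
    names = sorted(nets)
    return [(a, b) for k, a in enumerate(names) for b in names[k + 1:]
            if nets[a].overlaps(nets[b])]

def ingress_interface(interfaces, next_hop):
    """Interface whose subnet contains the next-hop router, or None."""
    hop = ipaddress.ip_address(next_hop)
    for name, iface in interfaces.items():
        if hop in ipaddress.ip_network(iface["subnet"]):
            return name
    return None

def evaluate(interfaces, bell_router_ip, lan="LAN"):
    """Can IP-VPN web traffic be filtered while the local LAN stays unfiltered?"""
    clashes = overlapping(interfaces)
    if clashes:
        return {"ok": False, "reason": "overlapping subnets", "detail": clashes}
    ingress = ingress_interface(interfaces, bell_router_ip)
    if ingress is None:
        return {"ok": False, "reason": "router unreachable", "detail": bell_router_ip}
    vpn_filtered = interfaces[ingress]["content_filter"]
    lan_filtered = interfaces[lan]["content_filter"]
    if vpn_filtered and not lan_filtered:
        return {"ok": True, "reason": "filter applies to IP-VPN only", "detail": ingress}
    return {"ok": False, "reason": "filter scope wrong", "detail": ingress}

# Layout from the thread: Bell router (192.168.1.70) shares the LAN interface.
CURRENT = {"LAN": {"subnet": "192.168.1.0/24", "content_filter": True}}
# Second interface added but Bell router not renumbered: same subnet twice.
SAME_SUBNET = {"LAN": {"subnet": "192.168.1.0/24", "content_filter": False},
               "VPN": {"subnet": "192.168.1.0/24", "content_filter": True}}
# Bell renumbers its router; 192.168.2.0/24 and 192.168.2.70 are constructed values.
RENUMBERED = {"LAN": {"subnet": "192.168.1.0/24", "content_filter": False},
              "VPN": {"subnet": "192.168.2.0/24", "content_filter": True}}

if __name__ == "__main__":
    print(evaluate(CURRENT, "192.168.1.70"))
    print(evaluate(SAME_SUBNET, "192.168.1.70"))
    print(evaluate(RENUMBERED, "192.168.2.70"))
```

Only the renumbered layout passes: the filter follows the interface the Bell router is attached to, so the router has to sit on its own subnet before the LAN can be left unfiltered.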

Question has a verified solution.
