Solved

Setting up a network with multiple VLans and IP Routing

Posted on 2013-11-11
2
248 Views
Last Modified: 2013-12-16
Greetings,

I have a Cisco 3750X with IP Software.  Currently I have 2 VLANs,  one internal and one external, and a Cisco ASA Firewall connected to both.  Here are some partial configs:

Switch:
VLAN101 (External)
  no ip address
VLAN102
  ip address 192.168.0.1 255.255.255.0
VLAN103
  ip address 192.168.1.1 255.255.255.0

ip routing
ip route 0.0.0.0 0.0.0.0 192.168.0.5 1


Firewall #1:
Interface G0 (External)
  ip address (public IP address)
Interface G1 (Internal)
  ip address 192.168.0.5 255.255.255.0


Firewall #2:
Interface G0 (External)
  ip address (public IP address)
Interface G1 (Internal)
  ip address 192.168.1.5 255.255.255.0


If I want to introduce a second Firewall with the external interface in VLan 101 and it's internal interface in VLan 103, how do I add route(s) to the switch to let users in Vlan103 use the 192.168.1.1 as their default gateway and have outbound traffic going out through 192.168.1.5 with declaring that IP as the default gateway on the devices?

Thanks!
0
Comment
Question by:TCNinja
2 Comments
 
LVL 3

Expert Comment

by:Libipappachen
ID: 39640849
Hi,
      Your question is not clear, as per my understanding we can use PBR to do the work.
You can use policy-based routing (PBR) to configure a defined policy for traffic flows. By using PBR, you can have more control over routing by reducing the reliance on routes derived from routing protocols.

BR,
Libi
0
 
LVL 12

Accepted Solution

by:
Infamus earned 500 total points
ID: 39646079
You should configure default gateway as 192.168.0.5 for devices connected to vlan 102 and default gateway  as 192.168.1.5 for devices connected to vlan 103.

Basically, you have to assign firewall's LAN interface IP as default gateway, not the vlan interface of the switch.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now