DVD Talk Forum > General Discussions > Tech Talk
06-11-18, 07:18 PM   #1
Vipper II (DVD Talk Platinum Edition; Join Date: Feb 2006; Location: Abingdon, MD; Posts: 3,064)
Question for Cisco experts

It would appear I've become the primary network liaison at work, despite having no training and being kind of weak on the switching front. Thus far, I've not been able to find the right combo of search terms for Google to provide much help.

Anyway, we have roughly 60 clients with IPSec VPN tunnels to us. They only send traffic to us; we don't send actual traffic back. Having stated that, I now need to create a tunnel where they'll be sending traffic to us AND we'll be sending traffic back. For example, we should be able to ping an IP in the range they've provided, or even telnet to it. The problem is, our outgoing traffic goes through firewall A, but I need to route it through firewall B so it goes through the aforementioned tunnel. I'm guessing it'd be a static route of some type. Provided I at least know which network components need to be updated, is there a way to set a route on a Cisco switch when the destination IP is a specific address? Essentially, I want it to go through the tunnel (Firewall B) if the traffic's destination is the client's IP range, but still go through firewall A if it needs to hit the Interweb.

Does everything make sense? Can it even be done? Thank you.
__________________
"I do, I... I like her from a distance. You know, the way you like the sun. Maris is like the sun... except without the warmth."
06-11-18, 08:51 PM   #2
RichC2 (DVD Talk Hero; Join Date: May 2001; Posts: 37,226)
Re: Question for Cisco experts

If I'm interpreting the question correctly: It depends, are you using a Layer 2 or Layer 3 Switch?

Layer 2 (L2) switches only deal with MAC addresses, which would make pointing to Firewall B for specific IPs pretty difficult. You'd have to direct all traffic to Firewall A (assuming it's an ASA) and have it do the routing, or use a good ol' fashioned router.

Layer 3 (L3) switches let you set up IP routing as a feature (depends on licensing), and you can set up a routing table to sort the traffic between Firewall A and Firewall B.

On a L3 Switch it's simple:

ip route 0.0.0.0 0.0.0.0 Firewall_A_IP
ip route 172.16.20.2 255.255.255.255 Firewall_B_IP

172.16.20.2 being the hypothetical local IP of whatever is on the other side of that VPN.

Last edited by RichC2; 06-11-18 at 09:29 PM.
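The two "ip route" lines in the reply above rely on longest-prefix matching: the /32 (or the client's whole range) is more specific than 0.0.0.0/0, so it wins no matter which order the lines were entered. The following is an added example, not code from the thread or from Cisco: a small Python model of the L3 switch's static routing table that shows the lookup, extended from the post's single /32 to a whole client range, plus the check a practitioner wants before touching production, that return traffic for a session that entered through the VPN firewall also leaves through it. The firewall addresses (10.0.0.1 and 10.0.0.2) and the client range 172.16.20.0/24 are assumptions; the thread only gives 172.16.20.2.

```python
import ipaddress

# Added example, not code from the thread: a model of the L3 switch's static
# routing table so the post's "ip route" lines, plus a route for the client's
# whole range, can be checked offline. The firewall addresses and the client
# /24 are assumptions; the thread only gives 172.16.20.2.
FIREWALL_A = "10.0.0.1"   # Internet firewall, default gateway (assumed address)
FIREWALL_B = "10.0.0.2"   # VPN firewall in front of the IPSec tunnel (assumed)
CLIENT_RANGE = ("172.16.20.0", "255.255.255.0")  # assumed client range


class StaticRoutingTable:
    """Longest-prefix-match lookup, the rule an IOS static route table follows:
    the most specific matching prefix wins, regardless of the order in which
    the 'ip route' lines were entered."""

    def __init__(self):
        self._routes = []  # (network, next_hop) pairs

    def add(self, destination, mask, next_hop):
        """Equivalent of 'ip route <destination> <mask> <next_hop>'."""
        net = ipaddress.ip_network(f"{destination}/{mask}", strict=True)
        self._routes.append((net, next_hop))

    def next_hop(self, dst_ip):
        """Return the next hop for dst_ip, or None if nothing matches
        (a switch with no default route would drop such a packet)."""
        addr = ipaddress.ip_address(dst_ip)
        best = None
        for net, hop in self._routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)
        return best[1] if best else None


def build_table():
    """The post's two routes, plus one covering the whole client range."""
    table = StaticRoutingTable()
    table.add("0.0.0.0", "0.0.0.0", FIREWALL_A)              # everything else: Internet
    table.add("172.16.20.2", "255.255.255.255", FIREWALL_B)  # the post's /32
    table.add(*CLIENT_RANGE, FIREWALL_B)                     # the client's range (assumed)
    return table


def return_path_symmetric(table, client_ip, ingress_hop):
    """A stateful firewall only passes a session it saw from the first packet.
    A packet that arrived from the tunnel via ingress_hop must have its reply
    routed back through that same hop; otherwise the reply takes the default
    route and the Internet firewall drops it as unsolicited traffic."""
    return table.next_hop(client_ip) == ingress_hop


if __name__ == "__main__":
    t = build_table()
    for dst in ("172.16.20.2", "172.16.20.77", "93.184.216.34"):
        print(f"{dst:>15} -> {t.next_hop(dst)}")
    print("return path symmetric:",
          return_path_symmetric(t, "172.16.20.2", FIREWALL_B))
```

On the real switch the same lookup is visible with `show ip route 172.16.20.2`, which prints the matching prefix and the next hop the switch will actually use; run it for one client address and for an Internet address before and after adding the route.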
06-12-18, 07:33 PM   #3
Vipper II (DVD Talk Platinum Edition; Join Date: Feb 2006; Location: Abingdon, MD; Posts: 3,064)
Re: Question for Cisco experts

Thank you mucho. Looks like it confirms what I was thinking. It's an L3 switch and it handles the routing through the network - the next hop we usually specify for IP routes is that of one of our internal ASAs; however, that ASA is for traffic coming into our environment from outside. For sending out it hits a different firewall and then the aforementioned L3 switch which has the Internet firewall as the default gateway. So in this case I'm just setting the default gateway for 172.16.20.2 to be VPN firewall instead, and of course adding the appropriate outgoing rules to it, too. Sorry, just talking this out - it's helping. Just a matter of testing everything thoroughly.
06-13-18, 09:40 AM   #4
RichC2 (DVD Talk Hero; Join Date: May 2001; Posts: 37,226)
Re: Question for Cisco experts

Haha, no problema.

Yeah, cleanly charting it out in your own head is the most important aspect of all this.