Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Internet Connection for Public Library

Unanswered Question
Jun 10th, 2009
User Badges:

I need some help on how to deploy this setup. The fios internet connection was installed in our data center but the public users are located on the other end of our network. Hence, this connection needs to traverse thru our internal network. I would like this internet traffic to not be visible internally. Do I use 2 firewalls? one on the DMARC end and one on the public users end? Please advise. Thanks


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sachinraja Wed, 06/10/2009 - 08:42
User Badges:
  • Red, 2250 points or more

Hello Abraham

How are the closets/switches between the edge (where the public users are sitting)and datacenter connecting ? If you are running a trunk between these buildings, you can just assign a Layer 2 VLAN called "Guests" and trunk it over to the datacenter and directly terminate it either on the core switch or the firewall. By doing this , layer 3 visibility of the internet traffic can be avoided. you dont need additional firewalls here, but it really depends on your connectivity..

Hope this helps.. all the best.. rate replies if found useful.


Abraham Lagmay Mon, 06/22/2009 - 05:55
User Badges:

Hi Raj, The traffic goes thru several hops from the library to our data center via layer 3 switches. How can I prevent the public users from our internal network? Don't I need 2 firewalls at each end? If I do, how it the public users FW configured?

C:\Documents and Settings\>tracert

Tracing route to car-jrl1.xxx.com []

over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms []

2 <1 ms <1 ms <1 ms []

3 <1 ms <1 ms <1 ms

4 <1 ms 1 ms <1 ms []

Trace complete.



srue Mon, 06/22/2009 - 06:51
User Badges:
  • Blue, 1500 points or more

VRF? Policy based routing? VPN?

Abraham Lagmay Mon, 06/22/2009 - 07:47
User Badges:

None of those. I just want to isolated the public internet users from our internal network. The porblem is these users have to traverse thru our internal network to access the fios internet. I have FW setup on the datacenter side where fios terminates. Thanks!

ronshuster Mon, 06/22/2009 - 08:13
User Badges:


If you want to limit a specific vlan from accessing the company's internal resources, why don't you create an access-group on the vlan interface and only grant them access to the Internet. That will work.


This Discussion