I have a Cisco ASA firewall and a Core Router (Cisco 3845) in the Head office, connected to multiple branch offices (Cisco 1841) on serial interfaces of the Core Router.
I am facing the problem that the traffic between branch offices (e.g. Branch-1 and Branch-2) passes directly, without going through or being checked by the Firewall, as the Firewall is on the LAN interface of the Core Router.
I want the Branch-to-Branch traffic to also pass through the Firewall. How can this be achieved? What is the general practice?
Please check the attached diagram for reference.
Hello R.B. Kumar,
One way to do this is to use the VRF-lite concept:
each branch router is placed in a different VRF, that is, a separate routing table with its own subset of interfaces and routing protocol instances (if needed).
The subset of interfaces should include:
the serial interface for branch office X and a VLAN subinterface on the link towards the ASA.
In this way, traffic from Branch X to Branch Y needs to go via the ASA.
Be aware that if they also need internet access, it is still the ASA that needs to provide a NAT pool to each branch office.
Hope this helps.
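The VRF-lite layout described in the answer above, written out as an added configuration example (not taken from the original thread or from the poster's equipment): one VRF per branch on the 3845, each holding only that branch's serial interface and an 802.1Q subinterface towards the ASA, with the ASA terminating one subinterface per VRF. Every address, interface name, VLAN number, branch subnet and ACL rule below is assumed for illustration; static routes are used so the dependency is visible, and the ASA syntax assumes 8.3 or later.

```cisco
! ---- Core router (Cisco 3845) ----
! One VRF per branch; the HQ LAN and internet stay on the ASA's other
! interfaces (not shown). All addresses and names are assumed.
ip vrf BRANCH1
 rd 65000:1
!
ip vrf BRANCH2
 rd 65000:2
!
! Each branch serial link lives only in its own VRF
interface Serial0/0/0
 description WAN link to Branch-1 (Cisco 1841)
 ip vrf forwarding BRANCH1
 ip address 10.255.1.1 255.255.255.252
!
interface Serial0/0/1
 description WAN link to Branch-2 (Cisco 1841)
 ip vrf forwarding BRANCH2
 ip address 10.255.2.1 255.255.255.252
!
! The physical link to the ASA carries one dot1Q subinterface per VRF
interface GigabitEthernet0/0
 description Trunk to ASA
 no ip address
!
interface GigabitEthernet0/0.10
 description BRANCH1 hand-off to ASA
 encapsulation dot1Q 10
 ip vrf forwarding BRANCH1
 ip address 10.1.10.1 255.255.255.252
!
interface GigabitEthernet0/0.20
 description BRANCH2 hand-off to ASA
 encapsulation dot1Q 20
 ip vrf forwarding BRANCH2
 ip address 10.1.20.1 255.255.255.252
!
! Inside a VRF the only exit is the ASA, so Branch-1 cannot reach Branch-2
! without crossing the firewall. (With a routing protocol towards the
! branches, run it per VRF under "address-family ipv4 vrf <name>".)
ip route vrf BRANCH1 192.168.1.0 255.255.255.0 10.255.1.2
ip route vrf BRANCH1 0.0.0.0 0.0.0.0 10.1.10.2
ip route vrf BRANCH2 192.168.2.0 255.255.255.0 10.255.2.2
ip route vrf BRANCH2 0.0.0.0 0.0.0.0 10.1.20.2

! ---- ASA (8.3+ syntax assumed; "outside" is the existing internet interface) ----
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1.10
 vlan 10
 nameif branch1
 security-level 50
 ip address 10.1.10.2 255.255.255.252
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif branch2
 security-level 50
 ip address 10.1.20.2 255.255.255.252
!
! Branch LANs are reached back through the core router's VRF subinterfaces
route branch1 192.168.1.0 255.255.255.0 10.1.10.1 1
route branch2 192.168.2.0 255.255.255.0 10.1.20.1 1
!
! Branch-to-branch traffic now terminates on two same-security interfaces,
! so it must be allowed explicitly and can be filtered per service
same-security-traffic permit inter-interface
object network BRANCH1_LAN
 subnet 192.168.1.0 255.255.255.0
object network BRANCH2_LAN
 subnet 192.168.2.0 255.255.255.0
access-list BRANCH1_IN extended permit tcp object BRANCH1_LAN object BRANCH2_LAN eq 445
access-list BRANCH1_IN extended deny ip object BRANCH1_LAN object BRANCH2_LAN log
access-list BRANCH1_IN extended permit ip object BRANCH1_LAN any
access-group BRANCH1_IN in interface branch1
!
! Internet access for each branch is NATed by the ASA, as the answer notes
nat (branch1,outside) source dynamic BRANCH1_LAN interface
nat (branch2,outside) source dynamic BRANCH2_LAN interface
```

The branch 1841s need no change; only the core router and the ASA are touched. A mirror-image ACL for the branch2 interface is written the same way. Two checks worth doing after the change: `show ip route vrf BRANCH1` on the 3845 should list no route to 192.168.2.0/24 other than the default via the ASA, and a traceroute from Branch-1 to Branch-2 should show the ASA hop. Do not add routes that point from one VRF into another or into the global table (`ip route vrf ... global` or route leaking), since that recreates the bypass the question is trying to close.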