06-28-2010 12:40 AM - edited 03-11-2019 11:04 AM
Hi all,
I am planning to use ZBFW in my network but I face a problem with "extending the legs" for ZBFW. I have two routers. Router A is a L3 switch and is configured with all the IPs, VLANs and the current ACL list. Router B will be added to the existing topology and configured with ZBFW. All traffic is expected to flow through Router B before reaching Router A.
Once I have created the different zones on Router B, how can I apply this configuration so that I can control traffic between different VLANs on Router A? As I understand the documentation from Cisco, Cisco expects all the individual VLANs and the zone-based configuration to be on the same router and not separate.
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml
Thank you very much in advance.
Mike.
07-02-2010 10:50 AM
Mike,
I'm slightly confused about the topology based on your description below. Please confirm if this is indeed your topology:
ClientVlanX -> Router A (L3 Switch) -> Router B (with ZBF) -> Internet
ClientVlanY->
If you trunk the link between Router A and Router B to include multiple VLANs (i.e. X and Y), you can configure sub-interfaces on Router B. With the sub-interfaces, you can assign each sub-interface to a different zone. You would then specify different zone policies that define what traffic is allowed between ZoneXY and ZoneYX.
If this doesn't completely answer your question, please provide me with more information about your topology and requirements and I'll do what I can to assist.
Best Regards,
Kevin
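A sketch of the sub-interface and zone layout described in the reply above, as an added example that is not part of the original posts or of Cisco's documentation. The interface name, VLAN IDs 10 and 20, addresses, zone names and the permitted protocols are all constructed for illustration. It assumes the default gateway for each VLAN is the Router B sub-interface and that Router A only switches these VLANs at layer 2 on the trunk; if Router A keeps routing between its own SVIs, inter-VLAN traffic never reaches Router B and is not inspected.

```ios
! Constructed example: VLAN X = 10, VLAN Y = 20, trunk on GigabitEthernet0/0
zone security VLAN-X
zone security VLAN-Y
!
! Traffic that VLAN X hosts may initiate towards VLAN Y
class-map type inspect match-any X-TO-Y-ALLOWED
 match protocol http
 match protocol https
 match protocol icmp
!
policy-map type inspect X-TO-Y-POLICY
 class type inspect X-TO-Y-ALLOWED
  inspect
 ! Everything else is dropped and logged so denied flows are visible
 class class-default
  drop log
!
! Zone-pairs are unidirectional. Return traffic for inspected sessions
! is allowed; new sessions from VLAN-Y to VLAN-X are dropped because
! no zone-pair exists in that direction.
zone-pair security ZP-X-TO-Y source VLAN-X destination VLAN-Y
 service-policy type inspect X-TO-Y-POLICY
!
! Physical trunk port towards Router A carries no address itself
interface GigabitEthernet0/0
 no ip address
 no shutdown
!
interface GigabitEthernet0/0.10
 description Gateway for VLAN X
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
 zone-member security VLAN-X
!
interface GigabitEthernet0/0.20
 description Gateway for VLAN Y
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
 zone-member security VLAN-Y
```

`show policy-map type inspect zone-pair ZP-X-TO-Y sessions` lists the sessions the policy is tracking, which confirms that traffic between the two VLANs is actually traversing Router B.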
07-05-2010 08:53 PM
Hi,
Thanks for the insight. I think it's the correct way to do it.