We have a firewall attached to our core switch on two ports, one going from the switch to the firewall to our main Cisco router, and the other has been used as a management port for the firewall.
On the switch I'm trying to route the traffic of a specified network (class B private) to the port used for managing the firewall. This is for return VPN traffic. As of now the traffic is returning asynchronously through the switch's default gateway. I set an IP routing protocol (ip routing is enabled) that sets the next hop for that network to the IP of the management port, but no dice. Any ideas? Will I have to mess with subnets?
It is a little difficult to make out what you are trying to accomplish from your post. Are you able to provide us with a diagram of current and desired traffic flow? It is quite odd to try and route the return VPN traffic to the management interface on a firewall; you should be routing the return traffic to the next hop of the non-management interface on the firewall.
Bear with me here as I am trying to work with the information you have provided.
My apologies for the vagueness. I'm trying to force the routing of a specific network broadcast domain back to where the traffic originated from, from the same port that it originated from. Right now my VPN traffic is coming in the correct way and leaving out our main default gateway out our fiber connection, despite IP routing being enabled and the destination network / gateway address being specified.
The management port on the firewall is a standard L3 port with an address specified for the port, and a separate IP address for the management interface. It should allow non-management traffic through.
It's very odd that on the core switch, a 3560, I can ping the interface on the firewall that the VPN traffic is supposed to return through, the static route appears to be set correctly, ip routing is enabled in the running-config, yet it's hitting the default gateway instead of the specified next-hop IP address of the intended firewall interface.
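The configuration and checks below are an added example written for this thread, not something posted by either participant. It shows how a static route for the VPN network is meant to override the default route on a Cisco IOS switch such as the 3560, and which show commands reveal whether the route is actually installed and used. All addresses are constructed placeholders: 172.16.0.0/16 stands in for the poster's class B private VPN network, 10.0.0.2 for the firewall interface the return traffic should use, 10.0.0.1 for the switch SVI facing it, and 10.0.0.254 for the existing default gateway.

```cisco
! Added example; addresses are constructed placeholders, not from the thread.
!
! 1. The switch must be routing, not just switching, for any static route
!    to be consulted at all.
ip routing
!
! 2. Static route for the VPN network, next hop = firewall interface.
!    Longest-prefix match means this /16 wins over the 0.0.0.0/0 default
!    for every destination inside 172.16.0.0/16.
ip route 172.16.0.0 255.255.0.0 10.0.0.2
!
! 3. Default route for everything else (the "default gateway" path).
ip route 0.0.0.0 0.0.0.0 10.0.0.254
!
! --- Verification, from exec mode ---
!
! Which route does a real VPN address resolve to? The output should name
! 10.0.0.2 as the next hop; if it names 10.0.0.254, the static route is
! not installed or is being bypassed.
show ip route 172.16.20.5
!
! Does the forwarding plane (CEF) agree with the routing table?
show ip cef 172.16.20.5
!
! Is the next hop itself reachable via a connected or routed path?
! A static route whose next hop cannot be resolved is never installed.
show ip route 10.0.0.2
!
! Can the switch reach the firewall interface from the SVI that will
! actually source the forwarded traffic?
ping 10.0.0.2 source 10.0.0.1
!
! Show only the static routes that are configured, to catch typos in
! the prefix, mask or next hop.
show running-config | include ip route
```

If `show ip route 172.16.20.5` already points at the firewall interface and the traffic still leaves via the default gateway, the usual explanation is that the return traffic never enters the switch's routing process: hosts whose default gateway is the router rather than the switch SVI hand their packets to the router at layer 2, and the switch's static route is never consulted. In that case the route needs to live on whichever device is actually making the forwarding decision for that traffic. When the path is corrected, confirm both directions with a traceroute from a host on the VPN network so the stateful firewall sees the same flow in and out.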