Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
798
Views
0
Helpful
5
Replies

Setup 3560G vlan and routing for load balancer

Boon Keat Gan
Level 1
Level 1

‎03-11-2014 02:08 AM - edited ‎03-07-2019 06:38 PM

Dear All,

We have 2 different environment setup with different firewall and isp. It did not connected to each other. We engage our vendor to setup load balancer switch to manage the outgoing and incoming traffic. The load balancer switch only have 3 network port, 1 connected to isp 1, 1 connected to isp 2 and only left 1 port for our firewall to be connected. So the ideal is to setup cisco 3560g in between the firewall and connect them together. I have attached the diagram to make it clear.

In this case, if I assign different vlan for firewall 1, firewall 2 and load balancer. And do all (0.0.0.0) routing to load balancer. Will it work? Anyone can please enlighten me?


Thank you very much!

Labels:
0 Helpful
5 Replies 5

JohnTylerPearce
Level 7
Level 7

‎03-11-2014 04:39 AM

Boonkeat,

 Are ISP1 and ISP2 different ISPs? Also, do you have public Provider Independent address space or Provider Assigned address space?

 

What is the default route on each Firewall? I'm assuming it is probably the Load Balancer. I'm not sure how your Load Balancer works, many copies make devices like that. Do you have a brand by any chance and or model number?

0 Helpful

Boon Keat Gan
Level 1
Level 1
In response to JohnTylerPearce

‎03-11-2014 05:37 PM

Hi John,

Thanks for reply.

1. Yes, ISP 1 and ISP 2 is different ISP and have different ip assignment (203.68.x.x and 203.28.x.x)

2. The default route on FW1 is set to 0.0.0.0/0 203.68.1.254 and FW2 is set to 0.0.0.0/0 203.28.1.254

3. The load balancer model is ELFIQ LB-550 (The link shown LB-600 http://www.elfiq.com/lb600b)


We are struggle to setup a switch in between this 2 firewall because the load balancer only have 3 ports. If it have 4 ports, everything will be easier.

0 Helpful

Boon Keat Gan
Level 1
Level 1
In response to Boon Keat Gan

‎03-11-2014 07:52 PM

I was thinking of doing multiple vlan in 3560G, example as follow:-

FW1 port tag to VLAN 2

FW2 port tag to VLAN 3

LB port tag to VLAN 1 (Assume it have ip address of 192.168.1.1)

Then the routing 0.0.0.0 0.0.0.0 192.168.1.1 set in 3560G. Will it work? How about incoming traffic? The LB must have routing set in their configuration?

 

 

Preview file
45 KB
0 Helpful

JohnTylerPearce
Level 7
Level 7
In response to Boon Keat Gan

‎03-12-2014 04:40 AM

Boonkeat,

 Sorry I didn't reply earlier, I've been pretty busy at work. The loadbalancer2.png looks good as far as getting traffic to the load balancer. Now obviosuly I don't know how this loadbalancer is suppose to receive LAN traffic, but as far as getting traffic to the load balancer it looks good in your specific situation of the load balancer only having three ports.

 

All outgoing traffic through ISP2 should not be a problem, but you have all incoming traffic coming to ISP1. How are you doing this part? Are all your "services" on ISP1 IPs? If so then that should work perfectly fine, as long as your not statically NATng these to ISP2 this should be fine as well.

 

 

0 Helpful

Boon Keat Gan
Level 1
Level 1
In response to JohnTylerPearce

‎03-12-2014 05:36 PM

Hi John,

Thanks for reply. It is alright. I think the diagram i attached is the concept, i not sure will it work. I am setting up GSN3 to simulate the environment.

 

All the incoming services is based on ip and will not NATng to ISP2. I think the load balancer will handle the traffic if ISP1 is down, all incoming and outgoing will going through ISP2.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card