Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Silver

Routing inside the LAN

Hi,

I need some advice on a special LAN scenario. Maybe it's very easy but I cannot see it clearly.

We want to place a firewall in our Corporate LAN to protect some corporate WAN connections. These WAN connections are handled by several routers. Of course, we're going to place physically this firewall behind the LAN interfaces of those routers. The problem is that one of those routers is in another buliding and we cannot move it closer to the firewall.

So what I want to know if it's possible to force traffic coming from that router, be routed direct to the firewall through the LAN.

Thanks in advance

P.S: If it's possible, I'd like a solution not using VLANS

6 REPLIES

Re: Routing inside the LAN

Need more info on your network. How are your LAN-segments arranged?

What paths are available for the proposed traffic?

Leo

Silver

Re: Routing inside the LAN

We've got ATM backbone running LANE. 5 VLANS. Core has one Cat5500 with ATM module, two LightStream 1010 (connecting ATM E3 link), three Cat3200.

Router

|| (Eth)

||

Cat3200

||(ATM)

||

LS1010

|| (ATM E3)

||

LS1010-Cat5500

||(Eth)

||

Firewall

Traffic from router is destinated to inside Corporate LAN, but I want to force it first passes through the firewall.

Re: Routing inside the LAN

The best way to accomplish this would be to make a connection via fiber.

You can then patch the router physically to the firewall-outside using fiber-UTP converters. Do you have a fiber to spare?

The allowed distance for this connection will be 2km. Is that in range?

If you cannot meet these requirements, you should configure an extra vlan on which you only connect the router and the firewall.

Regards,

Leo

Silver

Re: Routing inside the LAN

No chance to additional cabling. So I think I'll have to use VLANs although I don't want . My post was intendend to find a solution doing some "routing tricks" in the router if were possible.

Re: Routing inside the LAN

Hi,

just an idea:

L3 tunnel (interface Tunnel0 in router config).

But it requires another Cisco router on the other side. Maybe it would be possible to configure a "tunnel" through the firewall to another router and route the traffic back to the Corporate LAN via firewall then.

But it would be pretty complicated and VLAN using is probably an easier and safer solution.

Regards,

Milan

Silver

Re: Routing inside the LAN

Thank you Leo.

Thank you Milan.

I'll try to get some information about tunnels.

Regards,

jolmo

162
Views
3
Helpful
6
Replies