Community Member

Routing problem

Our company is divided into two buildings, in each building there is a router, one routing and the other is routing In between them there is a third router connected to the other two on to the first and to the other. Now our server technicians want to put a firewall in both the buildings, connected to the router in that building. The firewalls are to be load balanced and they have to be on the same subnet (eg. How can I do this? Can I somehow have a subnet on two interfaces on two separate routers? Do I have to use VLAN? I don't want any unnecessary traffic between the two buildings.

Community Member

Re: Routing problem

You sometimes can have two subnets on one interface but you can only have one VLAN per interface.

What kind of routers are you using?

I would suggest keeping it simple: keep your routers in each building and replace your router connecting the other buildings with one f/w that will allow routing as well, and perform your blocking there.

Does this help?

Kai Nicholls

Community Member

Re: Routing problem

I forgot to mention that there is an internet connection in each building. The two firewalls will be connected between the internet connection and the router in each building.

Community Member

Re: Routing problem

The way I understood it, it looks like this:

building1 <=> router1 <-- router 3 --> router2 <=> building2

and you want it to look like:

        Internet Connection nr 1   Internet Connection nr 2
                    ||                       ||
                firewall 1               firewall 2
                    ||                       ||
    building1 <=> router1 <-- router 3 --> router2 <=> building2

Is it not easier to use a single internet connection connected to router3?

Anyway, you can put your firewalls on a separate VLAN and then put router 1 and 2 on the same VLAN and achieve what you want to achieve. Though the switches connecting it all must support VLAN.

Now when it comes to load balancing, I'm not sure what you mean. There are tons of ways you can load balance, so you will have to be a bit more accurate.

I don't understand why you have 3 routers; to me it seems to be enough with a single one. That single one should do as firewall as well. It would be great if you could explain the topology of your network and the equipment used a bit more thoroughly.

Btw, Swedish?

Community Member

Re: Routing problem

I left out what I considered unnecessary info. But since you ask:

We actually got 5 layer3-switches but I call them routers, I know this is wrong but for our needs they are as good as real routers. Our company is divided into 4 buildings.

Building1: Router1 (Cisco 4908G-L3) routing traffic between the buildings. Router2 (Cisco 3550-12G-L3) routing networks inside building1 and is connected to Router1. Internet Connection1 connected to Microsoft ISA 2000 firewall that is connected to Router2.

Building2: Router3 (two stacked 3com 4900-L3) routing networks inside building2 and is connected to Router1. Internet Connection2 not connected.

Building3: Router4 (Cisco 3550-24-L3) routing networks inside building3 and is connected to Router1.

Building4: Router5 (Cisco 3550-24-L3) routing networks inside building4 and is connected to Router1.

1500 PCs running MS XP and 16 servers running MS Server 2003.

Now we are going to connect the unused Internet Connection2 in building2 to a new MS ISA 2000 Firewall and connect the firewall to Router3. We are going to use MS Server 2003 native load balancing, but the two firewalls have to be on the same subnet for it to work. So I hoped that I could get the same subnet on router2 and router3, but I don't know how to do this, if it's even possible.

I can move the firewall in building1 from router2 to router1 since router1 and router3 are sharing a subnet and it will probably work fine, but even better if the two firewalls could be connected to router2 and router3.

Kristian, yes, certainly.

