Cisco Support Community

New Member

How does Firewall work in this situation

I have 2 WAN Routers in HSRP, one for T1 and the other for T3.

They both connect to a Switch, the switch connects to 2 different Firewalls on the same segment.



If I have NAT policies set up on both firewalls, which firewall will the router know to go to?

I'm just wondering how the communication works and how this would work?


Re: How does Firewall work in this situation


Well, it kind of depends on your configurations. Are your firewalls set up to be redundant? What kind of routes do you have on your routers? Do your firewalls have different NAT policies, or are they trying to do NAT for the same IP addresses? Are the NAT policies using IP addresses located on the LAN with the HSRP address, or are they NATting using other IPs that require the routers to route to the appropriate firewall?

If you post your configs for your routers and firewalls (of course, scrub them for sensitive information, substituting anything public), the CCO group will try to explain it.

Patrick Laidlaw

Please rate any posts that were helpful.

Re: How does Firewall work in this situation

If a firewall has a NAT setup for a particular public IP address, then it will respond to ARP from either router for that IP.

So this setup is fine provided you have no address overlap between firewalls. If you do have overlap then it becomes a race and completely unpredictable.
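
The overlap condition described in the answer above can be checked before both firewalls go live on the shared segment. This is an added example, not part of the thread: a Python check that compares the public addresses each firewall NATs (and would therefore answer ARP for) and reports any address claimed by both. The entry formats (single IP, `first-last` range, CIDR) and the 203.0.113.0/24 sample addresses are constructed assumptions.

```python
import ipaddress

def to_networks(entry):
    """Turn '203.0.113.10', '203.0.113.20-203.0.113.23' or a CIDR into networks."""
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        # Raises ValueError if the range is reversed or mixes IPv4 and IPv6.
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(entry, strict=False)]

def find_overlaps(fw_a, fw_b):
    """Return (entry_a, entry_b, shared_block) for every address both firewalls claim."""
    hits = []
    for ea in fw_a:
        for eb in fw_b:
            for na in to_networks(ea):
                for nb in to_networks(eb):
                    if na.overlaps(nb):
                        # Overlapping CIDR blocks are always nested, so the
                        # shared part is the more specific (longer-prefix) one.
                        shared = na if na.prefixlen >= nb.prefixlen else nb
                        hits.append((ea, eb, str(shared)))
    return hits

# Constructed sample data: public NAT addresses configured on each firewall.
FW_A = ["203.0.113.10", "203.0.113.20-203.0.113.23", "203.0.113.64/28"]
FW_B = ["203.0.113.11", "203.0.113.22-203.0.113.25", "203.0.113.72"]

if __name__ == "__main__":
    overlaps = find_overlaps(FW_A, FW_B)
    for ea, eb, shared in overlaps:
        print(f"OVERLAP {shared}: firewall A '{ea}' vs firewall B '{eb}'")
    if not overlaps:
        print("No shared NAT addresses: each public IP is answered by one firewall.")
```

Every reported block is an address range where both firewalls would reply to the routers' ARP requests, which is the race the answer describes.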


Re: How does FIrewall work in this situation

The best thing to do is to configure the firewalls as a failover pair. That way the router(s) just see the two firewalls as one device.

pls rate!
