Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

2 firewalls parallel on a single drop

Hi,

Our ISP will give us a single drop with two public IP blocks - one primary, one secondary. I would like to configure and run 2 firewalls:

firewallA will have a public ip from primary interface

firewallB will have a public ip from secondary interface

I'm very new to networking, and trying to find out how I can do it. We have a cisco 2901 router.

I'm considering

connect the drop to the WAN side of a router (2901)

configure both the primary and secondary interfaces on the router

configure the router in bridge mode

assign the public ips to the firewalls and connect them to the LAN interfaces of the router

Does this make sense? If not, any other way to do it? (I know I can use 1 firewall and configure both interfaces on it without the router, but I would like to know if the above setup will work).

Thanks a lot..

Matt

1 REPLY

2 firewalls parallel on a single drop

Hi Matt,

So if I understand the situation correctly, your ISP is providing you a single uplink cable and two Public ip blocks?

Using 2901 in bridge mode is basically using it a plain switch, which to me is wasting its capabilities as a Router

I would personally use First Public Subnet on the WAN interface of router and use the Second (bigger) public pool on the other LAN interface connecting to a switch and then to your multiple firewalls outside interface. So router's inside interface, firwall outside interfaces will be on the same subnet. this would give me the capability of using the two firewalls in Active Standby roles and provide failover.

that's my personal opinion, hopefully we'll get more suggestions from others.

Neeraj

494
Views
0
Helpful
1
Replies
CreatePlease login to create content