10-24-2006 01:48 AM - edited 03-03-2019 02:27 PM
Hi,
Is it possible to assign IP addresses from the same segment (172.17.8.0/24) to both interfaces (inside, outside)? NATting is not used on this router.
The router is used as a firewall to filter traffic according to the ACL and just forward the traffic to the ISP router.
Is this setup possible? If it is, what is the drawback of this setup, and will I face any problems in the future?
If it is not possible, how can I implement it another way while using the same segment IP addresses?
Attached diagram with more details.
10-24-2006 02:32 AM
Hi,
If you are routing, you can't have the same network on two interfaces.
You would need to look at deploying your router / firewall in transparent mode, i.e. it is just a drop-in at layer 2.
This depends on what hw and sw you are running though. Couldn't open the attachment. What are you running?
Cheers,
Tim
10-24-2006 04:49 AM
Well, you may need a router which is transparently bridging and acting as a firewall. You can use IRB and then turn on CBAC on the router.
This link should help you.
http://cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00805b8873.html
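A minimal sketch of the IRB plus CBAC arrangement suggested in the reply above, added here as an example (it is not the poster's attached config and not taken from the linked guide). The interface names, the inspection rule name `FW`, ACL number 101 and the BVI1 address are assumptions.

```cisco
! Constructed example: IOS transparent (bridged) firewall using IRB + CBAC.
! Interface names, rule name FW, ACL 101 and the BVI address are assumptions.
!
! Enable integrated routing and bridging so BVI1 can carry a management IP.
bridge irb
!
! Inspect sessions that start on the inside; CBAC opens the return path.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
!
interface FastEthernet0/0
 description inside (L3 switch side)
 no ip address
 bridge-group 1
 ip inspect FW in
!
interface FastEthernet0/1
 description outside (ISP router side)
 no ip address
 bridge-group 1
 ! Drop unsolicited IP from the outside; inspected return traffic is
 ! permitted by the temporary entries CBAC adds ahead of this ACL.
 ip access-group 101 in
!
! Management address for the router itself, in the bridged 172.17.8.0/24 segment.
interface BVI1
 ip address 172.17.8.250 255.255.255.0
!
access-list 101 deny ip any any log
!
bridge 1 protocol ieee
bridge 1 route ip
```

Both physical interfaces sit in the same bridge group and carry no IP address, which is what lets 172.17.8.0/24 exist on either side of the firewall.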
10-24-2006 08:28 PM
Hi,
Thank you very much for the reply.
I have tested the Transparent IOS Firewall and it works great.
As of now I have tested with ICMP only.
The BVI1 is configured for remote access to the router for applying ACLs and to monitor the router.
I have attached the test config and diagram.
Can you please check the config and see if I am missing anything, or whether some of the setup will not work in a real environment?
Thank you.
10-24-2006 08:50 PM
Well, it looks fine to me; however, I myself haven't worked a lot on this. I think the best thing would be to test in the network and see if it works.
10-24-2006 09:33 PM
Hi,
Thank you very much for the help.
I'll test it out with other applications and will let you know the results.
Thank you.
10-25-2006 01:51 AM
Hi,
I tested the Transparent IOS Firewall with other applications and it is working well.
But at first I faced a little problem: initially I disabled IP CEF and IP ROUTING and tested the Internet traffic. I was able to access web sites, but after some time the router crashed and reloaded and gave bus error messages.
Then I enabled IP CEF and IP ROUTING and tested the Internet traffic; there was no problem with the router and everything worked fine.
Does the ASA 5500 series Adaptive Security Appliance support the Transparent Firewall?
Thank you.
10-25-2006 03:29 AM
Yes, the ASA also supports transparent firewall.
10-25-2006 04:49 AM
Is there any link with an explanation and config details for the ASA?
10-25-2006 05:23 AM
Sure... Please follow the link below:
http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_book09186a0080450278.html
BTW, I'm impressed and glad to see the IOS Transparent Firewall; I thought that only the ASA / PIX had transparent firewalls.
Regards,
Wilson Samuel
11-19-2006 06:37 PM
Hi,
I implemented the transparent firewall and it worked well.
But I faced a problem with our backup line.
When our main line goes down, the ISP router re-routes the traffic to the backup router.
The ping test from a client to the server in H.O. worked perfectly through the backup line.
But the applications are not working.
The current setup is: the ISP router LAN cable is directly connected to the transparent firewall interface (outside/WAN side).
The transparent firewall interface (inside/LAN side) is connected to the L3 switch.
The backup line LAN interface is connected to the L3 switch.
The L3 switch default gateway is the ISP router LAN interface IP address.
All client PCs' default gateway is the L3 switch.
So when the main ISP line (WAN) goes down, the ISP router re-routes to the backup line, as the application packets from the client PC pass through the transparent firewall and the ISP router forwards them to the backup router.
But in the transparent firewall the sessions are already there, and when the same packet enters the transparent firewall from the WAN side interface, I think it drops/blocks the packets.
Is that correct?
How can I rectify this problem?
Is it OK if the backup router LAN interface is moved in between the ISP router and the transparent firewall, connecting all three with a hub?
Thank you.
11-19-2006 06:52 PM
11-22-2006 01:11 AM
Any suggestions please ...