Edison

Thank you for your help.

Could you say if I can use the fa if on the 1841 and a fa if on the 878 instead of using a transparent switch?

Thank you

Frederic

Frederic

Not sure what you are asking here. If you want to have the 1841, 878 and the FW on a common subnet then you will need a switch to connect them all.

For HSRP you would use the fa on both routers, connect them into the switch and connect the FW interface into the switch as well.

Jon

Hello

Maybe this drawing may help you understanding my problem.

WAN----1841

\switch----UT IF Firewall

/

WAN---- 878

Or can I do the next:

WAN----1841----\

| \

| UT IF Firewall

WAN---- 878-----/

In this setup I wont use the switch but make a connection with an ethernet cable between the 1841 second fa interface and a second fa IF on the 878, all in the same VLAN.

Thanks for the help.

Good replies will be awarded

Greetings

Frederic

Oops, there goes my drawing.

An other try...

I would make an ethernet connection between: fa0/0 on the 1841 and the UT on the FW

fa0/0 on the 878 and the UT on the FW

fa0/1 on the 1841 and the fa0/1 on the 878

Good or bad idea.

STP won't be a prob since 2 of the 3 connections are L3

Greetings

Frederic

Frederic

Could you just clarify

1) What is the UT on the firewall. Do you have multiple interfaces on the firewall because you are talking about connecting the 1841 to the firewall and the 878 to the firewall separately.

2) Do you intend for the firewall to participate in HSRP because as Edison pointed out it won't as HSRP is cisco proprietary.

Jon

Hello

Sorry if my info is incomplete.

There are 2 UT(untrusted) interfaces on the firewall(info from the client)

I don't need HSRP on the non-Cisco firewall.

Thanks for the info

No problem.

You need a common subnet for HSRP. So you would need to pair up your interfaces

1841 fa0, 878 fa0 + 1 UT interface = 1 subnet

1841 fa0/1, 878 fa0/1, + 1 UT interface = 1 subnet

And to achieve the above you would need a switch.

But i'm not sure this is what you want. You wrote

"STP won't be a prob since 2 of the 3 connections are L3"

To run HSRP you need to make them L2 connections so they can be in the same subnet.

Could you explain exactly what it is you are trying to achieve.

Jon

Jon

Thank you for the input.

What I like to do is to connect the firewall to the WAN using two connections, one as primary and the second as back-up.

I thought that I could use the switch ports on the routers and make a L3 between the routers and the firewall.

If there is no other solution than using a switch well than I will use a sw...

Thank you

Frederic

Frederic

Ah okay, then if this is what you want to do you don't need HSRP at all. And you wouldn't need to connect the 1841 to the 878.

HSRP is used for end hosts to have a virtual address. But if you are going to be using L3 connectivity between your firewall and the routers then it becomes largely redundant.

The question then becomes how are you going to ensure one UT is used for primary and one for backup. Does the firewall support a routing protocol such as OSPF and what routing protocol are you using on your WAN router ?

Jon

Jon

Thank you for yor answer.

I will check this with the client.

Thanks