Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IP Design scheme

Hi Guys,

I would like a help regarding to  IP addresses in our Core Router (Cisco 2911), see the diagram attached.

Currently, we are doing a migration plan of our data center, that's new diagram, but we faced out a problem to set the IP addressES. We have to set an IP between the Core router (Cisco 2960) and the switches (Cisco 2911) to do the communication, but we cannot set the subnet 192.168.1.x, because it's the subnet to the int g/01 192.196.1.5 towards to Firewall and also we cannot change the subnet of our internal network...Switches, Servers

Do you have any idea how to figure out that?

Tks in advance! Vini

7 REPLIES
New Member

IP Design scheme

Vini,

first thing first, i recommend you not to publish your real public ip addresses here, you can use xxx on 2nd or 3rd octates to mask it.

when it comes to you problem, you dont have many options,

1) you should change the ip address of the router g0/1 connecting to firewalls , that would be the easiest approach.

2) can you split the /24 into smaller pieces such as 4 x //22 or 2 x /23

3) get rid of the router. just connect switches to firewall pair directly and connect the router to Firewalls which is going to Melbourne/Sydney

New Member

IP Design scheme

Hi there,

The goal is to control and manage the traffic from Melbourne / Sydney to the Internet that why we placed a router between firewall and WAN/Servers.
The Cisco Router 2911 comes with 3 gigabit ports as standard, the IT system administrator told if we install a module 4-Port Cisco EtherSwitch HWICs, we could set the IP subnet 192.168.1.x... coz it's in a different module...Do you think is that make sense?
Tks for your reply!!!

New Member

IP Design scheme

no you dont need an extra card.

you can create an bvi on the two ports of the 2911 and connect those two ports to FWs

and connect to sw to ASA directly for 192.168.1.0/24 network. if you dont want to change any address currently existing.

New Member

IP Design scheme

Ok, it's make sense, but if I connect the ASA firewall directly to the SW, I'll be able to control the traffic/monitor to the network 192.168.1.0/24?...as I mentioned the main goal of the router 2911 is control the traffic between WAN / net 192.168.1.0 and firewall.

New Member

IP Design scheme

in this case, you squeeze the router in between switch and ASA but re-ip the connection.

ex; ASA inside 10.1.x.1/29 <---> 10.1.x.2/29 Router 192.168.1.1/24 <----> Switch (192.168.1.0/24)

                                                                        (192.168.x.0/24)

                                                                           I

                                                                           I

                                                                      WAN(192.168.x.0/24)

makes sense?

New Member

IP Design scheme

please rate if that helped.

Thanks

New Member

IP Design scheme

As we cannot change any ip address, the best approach is to connect the switches ----> Firewall

Thanks for your help!

268
Views
3
Helpful
7
Replies
CreatePlease to create content