Content created by Rene Molenaar (CCIE #41726)


Forum Replies

  1. Hi Rene,

    I have a question and it’s not in any of the subjects, maybe you can answer it.
    I have a router with 2 interfaces:
    G0/1 –> ip address 172.16.254.6/30, G0/2 –> 172.16.254.2/30, running OSPF. G0/1 connects to my MASTER firewall with ip add 172.16.254.1/30 and G0/2 connects to my SECONDARY firewall with ip address 172.16.254.1; the firewalls are configured for HA. If I try to configure G0/2 with an ip add of 172.16.254.3 it gives me an error. How can I make this scenario work with the 2 interfaces and the firewalls? Or do I need to get a switch module with 2 in

    ... Continue reading in our forum

  2. Hi Alfredo,

    The interfaces on a router are “routed ports”, each interface requires an IP address in a unique subnet. 172.16.254.3/30 is in the same subnet as your first interface and it’s also a broadcast address. You’ll have to use a larger subnet, /30 only offers you two IP addresses. A /29 would work.

    Somehow you need to add the interfaces of the two firewalls and the router in a single broadcast domain. You can’t turn the routed ports into switchports so a switch module is not a bad idea…or create a VLAN on a switch and connect the firewall + router interfa

    ... Continue reading in our forum

  3. Thanks for confirming and also thanks for that added bit at the end about would match everything.

    I was almost thinking just to conform with best practice it would be good to add the permit everything just to conform with best practices but did not think from that perspective that it would then include that as well. You might have saved me from a possible booboo!

  4. Hi Laz,

    Thanks for your answer and for clearing this up for me. Yes, it makes perfect sense and provides clarity to my doubts in logic. I thought this was the case. However, a second opinion from the experts is always a great way of confirmation. I will go and have a play with this again and see if I can produce the right results in my lab. Very many thanks for the clarification.

    Floyd

  5. Hi Laz,

    In my lab environment, I am able to use policy-based routing to push routes from internal VLANs to one single IP gateway and it works like a charm. My issue now is: I am trying to implement a DMZ in my lab. From the diagram, you will see that all the default traffic is sent to the firewall from LAN to Internet (that is working fine as it’s just a default route). Routes from the firewall to the internal LAN are flowing well via firewall routing using (router on a stick method).

    Therefore traffic is flowing from LAN to internet - OK
    From Firewall to

    ... Continue reading in our forum
