adding a hop

PL (Guest)
Posted: Tue Mar 25, 2008 5:35 am    Post subject: adding a hop

I'm adding a router hop (for policy-based routing) to my network and
have a few questions...

First, the old config:

T1-router-A
     |
     |
ASA-firewall
     |
     |
  -------
  |     |
 LAN   DMZ

Instead of trying to make up ip addressing schemes for this exercise,
let me just label the interfaces this way:

T1-router-A [NET_1]
ASA-firewall [NET_1,NET_4,NET_5]
LAN [NET_4]
DMZ [NET_5]


Now, the new config:

T1-router-A     T1-router-B
     |_______________|
             |
             |
        PBR-router
             |
             |
       ASA-firewall
             |
             |
          -------
          |     |
         LAN   DMZ

T1-router-A [NET_1]
T1-router-B [NET_2]
PBR-router [NET_1,NET_2,NET_3]
ASA-firewall [NET_3,NET_4,NET_5]
LAN [NET_4]
DMZ [NET_5]

For simplicity, let's just say that all LAN clients will be routed
through T1-router-A and all DMZ clients will be routed through
T1-router-B. Currently, the ASA performs all translations from NET_4
to NET_1, some clients have statics, others don't. Since I'm putting
in the PBR-router, it adds a hop, so the ASA can't keep the same
translations, right? Do I have to translate twice now? ASA will
translate from NET_4 to NET_3 and the PBR will translate from NET_3 to
NET_1? Is there a simpler way of doing this?

p_teatreeoil (Guest)
Posted: Tue Mar 25, 2008 5:59 am    Post subject: Re: adding a hop

You shouldn't have to do any additional NAT translations. I'm
assuming that currently, you are using public IPs from the same subnet
for your links between the T1 router and the firewall.

Just move the IP on the first T1 router to the interface on the PBR
router that connects to the firewall. Assign any /30 IP blocks you
want to the links between T1A and T1B and the PBR router (I'm assuming
you're using separate interfaces). Put static routes in the T1
routers pointing the public NAT to the PBR router outside interface
and also one in the PBR router pointing to the outside firewall
interface.

The original config is easy because the T1 router knows how to get to
the LAN because it is a connected route. Since they won't be
connected anymore, you'll have to use statics.
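
A sketch of the static-route layout described in the reply above, with the original poster's LAN/DMZ split added as a policy route-map; this is an added example, not configuration posted by anyone in the thread. All addresses, interface names, the ACL number and the route-map name SPLIT-T1 are assumptions, and it also assumes the ASA translates DMZ hosts into a distinct part of the public subnet.

```cisco
! Constructed addressing (documentation ranges), not from the thread:
!   old NET_1 public subnet  203.0.113.0/28  (now the PBR-router <-> ASA link)
!   T1-router-A <-> PBR      192.0.2.0/30    (A = .1, PBR = .2)
!   T1-router-B <-> PBR      192.0.2.4/30    (B = .5, PBR = .6)
!   ASA outside 203.0.113.2, DMZ hosts translated into 203.0.113.8 - .15
!
! --- T1-router-A: the public subnet is no longer connected, so add a static
ip route 203.0.113.0 255.255.255.240 192.0.2.2
!
! --- T1-router-B
ip route 203.0.113.0 255.255.255.240 192.0.2.6
!
! --- PBR-router
interface FastEthernet0/0
 description to ASA outside, carries the IP that used to be on T1-router-A
 ip address 203.0.113.1 255.255.255.240
 ip policy route-map SPLIT-T1
!
interface FastEthernet0/1
 description to T1-router-A
 ip address 192.0.2.2 255.255.255.252
!
interface FastEthernet1/0
 description to T1-router-B
 ip address 192.0.2.6 255.255.255.252
!
! The ASA keeps its existing default route to 203.0.113.1 and its existing
! translations. A static toward 203.0.113.2 is needed here only for
! translated addresses that fall outside the connected /28.
!
! The ASA has already translated the source by the time packets arrive here,
! so the policy ACL matches translated (public) addresses, not NET_4/NET_5.
access-list 101 permit ip 203.0.113.8 0.0.0.7 any
!
route-map SPLIT-T1 permit 10
 match ip address 101
 set ip next-hop 192.0.2.5
!
! Everything not matched by the route-map follows the routing table
ip route 0.0.0.0 0.0.0.0 192.0.2.1
```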

Merv (Guest)
Posted: Tue Mar 25, 2008 8:51 am    Post subject: Re: adding a hop

Why would you not just connect T1-router-A to T1-router-B directly
and hand off whatever traffic you want by configuring policy on A?

Merv (Guest)
Posted: Tue Mar 25, 2008 9:15 am    Post subject: Re: adding a hop

Is the new T1 going to your current ISP or a new ISP?