Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Routing question 3

Status
Not open for further replies.
arell12

arell12

Technical User
Feb 17, 2005
48
CA
We have about 10 offices and each office has dual network connections. 1 is a private line (T1) that connects all offices and the other is a High Speed internet connection. Each office will use its own High speed connection for internet traffic and the private line for all inter office communications. We also have a Citrix Branch Repeater in most offices to compress and utilize WAN bandwidth.

I have attached a picture of how it is setup now but I think that it is causing an issue with the reporting on the Branch repeater because I think that all internet traffic is crossing the BR twice.

Any ideas on how I could move the Firewall so that traffic is not going over the BR twice?

 
Sort by date Sort by votes
couldn't you put it on the second FE port on the 2821? you would give it a different address but that shouldn't matter...
 
Upvote 0 Downvote
I tried that, and when I give the FE0/1 an address of 172.16.132.20 I get an error saying it overlaps with the other interface. Do I need to change the addressing of the LAN IP of the firewall?
 
Upvote 0 Downvote
you would need to change the fe0/1 to something like 192.168.0.1 255.255.255.252 and make the firewall IP 192.168.0.2 255.255.255.252
how is routing setup? you need to change the default gateway on the router to reflect the new address on the firewall.
 
Upvote 0 Downvote
I was hoping to not have to change the IP addresses of the Firewalls, but it looks like I might have to. We use BGP on the MPLS to generate routing tables and the gateway of last resort is the firewalls so that the internet traffic goes through them.
 
Upvote 0 Downvote
yeah, I think you have to...I'm definitely not as good as some guys around here though so there may be another way to do it that I'm missing.
 
Upvote 0 Downvote
you have four options:
1) do as primeaum says and use the other fe interface on the 2821
2) use the firewall as the gateway with some static routes pointing to the 2821 for private network access
3) replace the lan switch in your diagram with a multilayer switch and use that as the gateway. you'll obviously need to re-address some devices
4) use the Citrix appliance in routed mode instead of bridge mode (i'm assuming it has that capability). again you'll need to re-address some devices.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
unclerico, thanks for the additional reply. I'm a firm believer that there is always more than one way to do things and your reply helps me learn as well!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Pankaj88
  • Locked
  • Question
BGP Routing Clarification
Replies
0
Views
128
Pankaj88
Pankaj88
Zero6
  • Locked
  • Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
136
Zero6
Zero6
mikey789
  • Locked
  • Question
Can 4000-M Routing VLANs ?
Replies
0
Views
75
mikey789
mikey789
Mogles49
  • Locked
  • Question
Firewall ACL question
Replies
1
Views
106
burtsbees
burtsbees
azrael2000
  • Locked
  • Question
quick question...re layer 3 with routing
Replies
1
Views
105
chieftan
chieftan

Part and Inventory Search

Sponsor

Back
Top