Vwire linking a L2 network

L2 Linker

Security dictates I have an L2 network that is electrically separate from my production network, i.e. a separate set of switches with no connection to production that is used for management of infrastructure devices only.  I am now setting up a second data center in another city.  I'm fortunate in that my remote data center has been physically located in my local data center and my network stack is complete and tested.  Unfortunately, I've existed with this configuration and my management network is all one big happy L2 network.  My L2 network is called nmnet (network management network) and contains devices staying locally and devices moving to the remote data center.  My problem is twofold:

  1. I don't want to re-IP all my network management interfaces
  2. I want to keep this network intact as my address space is 192.168.x.0/24, so in essence, I want to tunnel across the internet

I have equal firewalls at both sites.  I have a firewall in front of my data center, an internal dmz firewall and an external dmz firewall.  I call these DC, DMZI and DMZO respectively.  Traffic flows "south to north" from my DC to DMZI to DMZO firewalls locally and "north to south" from my DMZO to DMZI to DC firewalls remotely - and vice versa.

Can I create a set of vwires through my firewalls to my DMZO firewalls and use an IPSec tunnel between my two site DMZO firewalls?  Here's my scenario:

DC firewalls:

  • ethernet1/2 = nmnet-vwire, zone = z.nmnet, physical connection = nmnet L2 network
  • ethernet1/3 = nmnet-vwire, zone = z.nmnet, physical connection = ethernet1/2 of dmzi firewall

DMZI firewalls:

  • ethernet1/2 = nmnet-vwire, zone = z.nmnet, physical connection = ethernet1/3 of dc firewall
  • ethernet1/3 = nmnet-vwire, zone = z.nmnet, physical connection = ethernet1/2 of dmzo firewall

DMZO firewalls:

  • ethernet1/2 = nmnet-vwire, zone = z.nmnet, physical connection = ethernet1/3 of dmzi firewall
  • ethernet1/3 = nmnet-vwire, zone = z.nmnet, physical connection = ethernet1/2 of dmzo firewall
  • create tunnel.9 assigned to z.nmnet, stpe address 192.168.186.1, mkt address 192.168.196.1
  • create ipsec tunnel with ike gateway interface ethernet1/13 and tunnel interface tunnel.9

I know it's long, but hopefully somebody will brave through it with an answer.

Thanks,

Bart

0 replies, 1527 views, 0 likes