Hey everyone,
I'm setting up a lab in GNS3 with redundant OPNsense firewalls, and I now want to connect those to my redundant Cisco L3 core switches.
FW1----FW2
 | CARP |
SW1----SW2
- Network: 10.0.0.0/29
- FW1: 10.0.0.2
- FW2: 10.0.0.3
- VIP (CARP): 10.0.0.1
- The FWs are highly available and sync states using CARP and pfsync
- I use OSPF on my core and distribution switches for load balancing and redundancy
- I want to avoid stacking for learning purposes because I cannot implement that in my lab
The problem is that because the switches are configured to work on L3, they cannot be in the same subnet. I could solve the problem by configuring HSRP, but I would need to add L2 devices between my FWs and switches for that, and I would like to avoid that.
How do people usually configure this kind of setup? Is it possible to make FWs fail over using CARP in a fully routed network?
Edit: formatting because the topology moved