Wednesday, November 22, 2017

firewall routes - static vs. dynamic

I have a scenario where I have a firewall that has a trunk link to a switch. That switch links to multiple customers, each in their own VLAN. Typically we run an IGP between the firewall and the customer so any new routes that they advertise are learned by the firewall. The firewall links up to a campus core where customers' routes are advertised.

The problem I am having is this. If the customer needs to see certain traffic coming from the campus as a different source IP, then we would need to create a new sub-interface on the firewall, create new NATs and then use 'STATIC ROUTING'. The reason is that for some reason (someone here may know better) OSPF will not form an adjacency between the customer router and the firewall along the sub-interface if there is already an OSPF adjacency between the two. Not sure why; I would assume it's a different "interface" altogether. The workaround is static routes pointing out the new sub-interface, and that traffic gets translated to the source the customer wants to see.

So my question is this... Is there a scalable design that can be maintained here?
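To make the workaround described above concrete, here is an added illustration in Cisco IOS-style syntax; it is not configuration from the post or from the author's firewall, and the platform, interface names, VLAN IDs, prefixes and addresses are all assumed values.

```cisco
! Added illustration (not from the post): one customer VLAN with the usual
! OSPF-learned routing, plus the extra sub-interface / NAT / static-route
! workaround for traffic the customer must see from a different source IP.
! Interface names, VLAN IDs and addresses are assumed, not from the post.
!
! Campus-facing interface: where the traffic to be re-sourced enters
interface GigabitEthernet0/0
 description campus core
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
!
! Existing customer sub-interface: the OSPF adjacency forms here and the
! customer's prefixes are learned dynamically
interface GigabitEthernet0/1.110
 encapsulation dot1Q 110
 ip address 10.110.0.1 255.255.255.252
 ip ospf 1 area 0
!
! New sub-interface on a second VLAN to the same customer: no OSPF,
! marked NAT outside so source translation happens on exit
interface GigabitEthernet0/1.120
 encapsulation dot1Q 120
 ip address 10.120.0.1 255.255.255.252
 ip nat outside
!
router ospf 1
 router-id 10.110.0.1
!
! Select only the campus-to-customer traffic that must be re-sourced
! (assumed: campus block 10.50.0.0/16 to customer prefix 192.168.50.0/24)
ip access-list extended CAMPUS-TO-CUST-RESOURCED
 permit ip 10.50.0.0 0.0.255.255 192.168.50.0 0.0.0.255
!
! Translate that traffic's source to the new sub-interface address
ip nat inside source list CAMPUS-TO-CUST-RESOURCED interface GigabitEthernet0/1.120 overload
!
! Static route for the affected customer prefix via the new VLAN (customer side
! assumed 10.120.0.2); its administrative distance (1) beats the OSPF-learned
! copy (110), so this prefix now leaves via VLAN 120 instead of VLAN 110
ip route 192.168.50.0 255.255.255.0 10.120.0.2
!
! Checks: the prefix should show as static (S), and translations should
! appear only for flows matching the access list
! show ip route 192.168.50.0
! show ip nat translations
```

Note the maintenance cost this exposes: the static route overrides the OSPF-learned route for the whole 192.168.50.0/24 prefix, so every additional customer prefix that needs the re-sourced treatment requires its own manually maintained static entry and access-list line, which is exactly the scaling problem the question is about.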
