Our existing network has two ISP links, connected to a CISCO ISR4351 router.
ISP1: (total 6 usable live IPs)
IP: 192.168.201.212
Subnet: 255.255.255.248
Gateway: 192.168.201.209
ISP2:
IP: 172.20.28.236
Subnet: 255.255.255.248
Gateway: 172.20.28.233
Two ports, GbE 1/0/1 & GbE 1/0/3, of a Cisco 9200 series switch (nickname: internet switch) are present in the "Internet VLAN" (e.g. vlan70); each port is connected to one of our Checkpoint firewalls, and a trunk goes from switchport GbE 1/0/2 of the same switch to the above-mentioned CISCO ISR4351 router.
The whole set of networking hardware present today was procured in an unplanned manner by previous employees, and because the firewall is a physical one, the Checkpoint firewall's renewal cost is very high compared to its utilization in the existing business scenario; we are also still unable to charge & bill each department via our billing system, which is present within our Sangfor HCI based cloud platform. Now, instead of getting it renewed, we are trying to get Sangfor's virtual NGAF appliance, which will be hosted within the same HCI platform.
What I want to do:
The above-mentioned ISP links, routers & internet switch are present in another room apart from the datacenter. I want to stretch (or, you could say, connect or drop) the existing ethernet link provided by ISP1 (so as to utilize all usable IPs in the pool) to my new virtual NGAF appliance hosted within the HCI cluster.
The HCI cluster / server management interfaces (via the mgmt VLAN of the existing LAN infra) are connected to a Cisco 9200 series switch present in the datacenter (further referred to as the Mgmt Switch); this connectivity will have to remain the same so that I can manage them all locally.
My understanding & work till date:
I connected the ethernet link from ISP1 to 1/0/48 of the "internet switch", made it a trunk and allowed vlan700 to pass, then configured another trunk between the "Mgmt Switch" & the "Internet Switch" using ports Te1/1/1 of both switches and allowed only vlan700 via the trunk on both sides. On the "Mgmt Switch" I included 4 GbE ports in this vlan700 and connected the eth3 NIC of all 4 HCI servers to these 4 switch ports; within the HCI cluster I will configure an edge gateway connected to the eth3 interfaces of all servers and further connected to the virtual NGAF appliance.
But before going any further, I wanted to test the connectivity with ISP1, therefore on the Internet Switch I configured GbE 1/0/47 as a trunk, allowed vlan 700 to pass, connected my laptop to it and assigned the live IP (mentioned above) of ISP1; the internet didn't work, saying "unidentified network".
I tried adding a route (ip route 0.0.0.0 0.0.0.0 192.168.201.209) but it was no use.
I read an old answer by #TheCleaner (link given below) & performed the above-mentioned activity. Can anyone help me resolve the issue or direct me to the correct way of doing it?
Can internet gateways be plugged straight into a layer 2 switch?
Since the existing internet switch is also handling/passing all the traffic going towards the internet from the existing Checkpoint firewall as mentioned previously, I saw a default route which is actually pointing towards the IP of the existing CISCO ISR4351, but before messing with anything I decided to ask.
#ip default-gateway 172.16.70.4
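As an added example (not part of the original question or of any vendor's code), a small Python model of standard 802.1Q port behaviour applied to the port layout described above. It assumes Cisco defaults (native VLAN 1 on a trunk, untagged frames from the ISP hand-off) and shows which VLAN an untagged ISP frame lands in under the posted trunk-only configuration versus access ports in VLAN 700; the Te1/1/1 trunk to the Mgmt Switch is modelled as carrying VLAN 700 tagged.

```python
# Added example: model of 802.1Q ingress classification and egress tagging
# for the "internet switch" ports named in the post. Assumed Cisco defaults:
# native VLAN 1 on trunks, ISP hand-off sends untagged frames.
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    mode: str                      # "access" or "trunk"
    vlan: int = 1                  # access VLAN, or native VLAN on a trunk
    allowed: set = field(default_factory=lambda: set(range(1, 4095)))

def ingress_vlan(port, tag):
    """VLAN an incoming frame is placed in, or None if dropped.
    tag is the 802.1Q VLAN id, or None for an untagged frame."""
    if port.mode == "access":
        return port.vlan if tag is None else None   # access ports drop tagged frames
    vlan = port.vlan if tag is None else tag        # untagged -> native VLAN
    return vlan if vlan in port.allowed else None   # VLAN pruned from trunk -> dropped

def egress_tag(port, vlan):
    """("sent", tag) or ("dropped", None) for a frame in `vlan` leaving port."""
    if port.mode == "access":
        return ("sent", None) if vlan == port.vlan else ("dropped", None)
    if vlan not in port.allowed:
        return ("dropped", None)
    return ("sent", None if vlan == port.vlan else vlan)   # native VLAN leaves untagged

def forward(src, dst, tag=None):
    vlan = ingress_vlan(src, tag)
    if vlan is None:
        return ("dropped at ingress", None)
    return egress_tag(dst, vlan)

# As described in the post: both ports are trunks allowing only VLAN 700,
# so untagged ISP frames are classified into native VLAN 1, which is pruned.
as_posted = {
    "Gi1/0/48": Port("Gi1/0/48", "trunk", vlan=1, allowed={700}),
    "Gi1/0/47": Port("Gi1/0/47", "trunk", vlan=1, allowed={700}),
}
# Alternative layout: ISP hand-off and test laptop as access ports in VLAN 700;
# the inter-switch trunk Te1/1/1 still carries VLAN 700 tagged.
access_700 = {
    "Gi1/0/48": Port("Gi1/0/48", "access", vlan=700),
    "Gi1/0/47": Port("Gi1/0/47", "access", vlan=700),
    "Te1/1/1": Port("Te1/1/1", "trunk", vlan=1, allowed={700}),
}

def isp_to_laptop(ports):
    return forward(ports["Gi1/0/48"], ports["Gi1/0/47"])

def isp_to_mgmt_trunk(ports):
    return forward(ports["Gi1/0/48"], ports["Te1/1/1"])
```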