Hi all,
Right now I have a C6500 doing internal VLAN switching as well as
routing/ACL/OSPF/L2 uplink to the rest of the network.
Ext Net----|G5/1 on C6500|---Int Net
I want to put 2 obsd firewalls (carp-pfsync) in the way but I cannot
afford to put an external switch for the link.
So the C6500 will still keep the L2 link (G5/1 interface) as well as the
internal VLANs. I prefer to keep all VLANs on the Cisco for the moment...
The firewalls will connect to the C6500 on interfaces G1/1, G1/2
(firewall1 in/out) and G2/1, G2/2 (firewall2 in/out).
I was thinking of making 2 new VLANs. One VLAN would have G5/1, G1/1,
G2/1 and the second VLAN would have G1/2 and G2/2. The external IP
(routing to ext net) would go on the external interfaces of the
firewalls. The internal interfaces of the firewalls would have a new IP.
The 2 firewalls will cross-connect on a 3rd interface for pfsync.
a) Would you suggest a better setup for this project?
b) I have an Intel ET gigabit dual port server adapter on each firewall.
Is it better to use both interfaces for in/out or just use one interface
with VLAN tagging? What is best for performance (fewer interrupts?)
regards,
Giannis